CHANGES revision ff5e24709209b13601480827b0fecf32c428ff32
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User -*- coding: utf-8 -*-
c80e152862cc3e3207dc837fde7116bd4c0e4b9dTinderbox UserChanges with Apache 2.3.7
8d1b3ceb4d491ce32572f1702f37ed585eede993Evan Hunt *) SECURITY: CVE-2010-1452 (cve.mitre.org)
d77cb075aae5595e460e3299bfc1e8ea5d42b560Evan Hunt mod_dav, mod_cache, mod_session: Fix Handling of requests without a path
d77cb075aae5595e460e3299bfc1e8ea5d42b560Evan Hunt segment. PR: 49246 [Mark Drayton, Jeff Trawick]
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews *) core/mod_authz_core: Introduce new access_checker_ex hook that enables
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews mod_authz_core to bypass authentication if access should be allowed by
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews IP address/env var/... [Stefan Fritsch]
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews *) core: Introduce note_auth_failure hook to allow modules to add support
7ec97ae74e42ec21b354fd2d1366313b41d947d6Evan Hunt for additional auth types. This makes ap_note_auth_failure() work with
701a93f5a592e4652343e049aa495d409c3ee133Mark Andrews mod_auth_digest again. PR 48807. [Stefan Fritsch]
002f1373374a0b72fc0329baa682917929bef168Tony Finch *) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews *) mod_authn_cache: new module [Nick Kew]
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews *) configure: Add reallyall option for --enable-mods-shared. [Stefan Fritsch]
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews *) Fix Windows build when using VC6. [Gregg L. Smith <lists glewis com>]
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews *) mod_rewrite: Allow to set environment variables without explicitly
73cf0ba4e82c6baef638ecc4e31321223f841d28Mark Andrews giving a value. [Rainer Jung]
d8351dfc9b725b0d727be7acab6247d7d501d9a0Mark Andrews *) mod_rewrite: Remove superfluous EOL from rewrite logging. [Rainer Jung]
3a29ce9c08dd31709c73e7187aebda0d360c537bEvan Hunt *) mod_include: recognise "text/html; parameters" as text/html
3a29ce9c08dd31709c73e7187aebda0d360c537bEvan Hunt PR 49616 [Andrey Chernov <ache nagual.pp.ru>]
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews *) CGI vars: allow PATH to be set by SetEnv, consistent with LD_LIBRARY_PATH
f1740da065d4555039fe8bb53beb4153e3f94de3Mark Andrews PR 43906 [Nick Kew]
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews *) Core: Extra robustness: don't try authz and segfault if authn
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews fails to set r->user. Log bug and return 500 instead.
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews PR 42995 [Nick Kew]
31c7ab4fb3f7710af87dc9c3d64c5daf9a3dea35Mark Andrews *) HTTP protocol filter: fix handling of longer chunk extensions
635e4351b04fd61ca6d853bdac6268c090b55129Mark Andrews *) Update SSL cipher suite and add example for SSLHonorCipherOrder.
635e4351b04fd61ca6d853bdac6268c090b55129Mark Andrews [Lars Eilebrecht, Rainer Jung]
fc04365d2f83f197c8a54545dd9cd4ce6a209940Mark Andrews *) move AddOutputFilterByType from core to mod_filter. This should
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews fix nasty side-effects that happen when content_type is set
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews more than once in processing a request, and make it fully
7cbac360bf98c0a52b2d6866ad887616c32d4d3aMark Andrews compatible with dynamic and proxied contents. [Nick Kew]
1cf118a656f5fd210787908b845362077fc507f8Evan HuntChanges with Apache 2.3.6
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt *) SECURITY: CVE-2009-3555 (cve.mitre.org)
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt attack when compiled against OpenSSL version 0.9.8m or later. Introduces
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
1cf118a656f5fd210787908b845362077fc507f8Evan Hunt and offer unsafe legacy renegotiation with clients which do not yet
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman support the new secure renegotiation protocol, RFC 5746.
6fb3db01acad7f5c1f4e23789fb0f2ce56cc07deMukund Sivaraman [Joe Orton, and with thanks to the OpenSSL Team]
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman *) SECURITY: CVE-2009-3555 (cve.mitre.org)
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman by rejecting any client-initiated renegotiations. Forcibly disable
fd82c70695888c134287b8018296028c252d100eMukund Sivaraman keepalive for the connection if there is any buffered data readable. Any
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews configuration which requires renegotiation for per-directory/location
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews *) SECURITY: CVE-2010-0408 (cve.mitre.org)
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
2cf0fe3b8092f64f8f68ae3693fe2e73e90ad1a4Mark Andrews when request headers indicate a request body is incoming; not a case of
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt *) SECURITY: CVE-2010-0425 (cve.mitre.org)
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt mod_isapi: Do not unload an isapi .dll module until the request
4221d9cd1d02311fbf9b5f08a038f5af78b10b4aEvan Hunt processing is completed, avoiding orphaned callback pointers.
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont *) core: Filter init functions are now run strictly once per request
f9c410d93711fbf312a0162f1e2d3f2a5ede69afFrancis Dupont before handler invocation. The init functions are no longer run
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień for connection filters. PR 49328. [Joe Orton]
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień *) core: Adjust the output filter chain correctly in an internal
e526027287b849f0b6ab6e069156697cbafa22c1Michał Kępień redirect from a subrequest, preserving filters from the main
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman request as necessary. PR 17629. [Joe Orton]
929329d2d66a7e1083c70a9c918381935bf12799Mukund Sivaraman *) mod_cache: Explicitly allow cache implementations to cache a 206 Partial
7e1a62eea2e4ba9d6c3fc718e679b965fa514f69Mark Andrews Response if they so choose to do so. Previously an attempt to cache a 206
ec29d217ba3a2bf3e617a7b5b6708ae221bee999Mark Andrews was arbitrarily allowed if the response contained an Expires or
ec29d217ba3a2bf3e617a7b5b6708ae221bee999Mark Andrews Cache-Control header, and arbitrarily denied if both headers were missing.
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews [Graham Leggett]
afefd754734f896bf3e0590177fff83e7cdfdf35Mark Andrews *) core: Add microsecond timestamp fractions, process id and thread id
f0353a586c2bfbae999193cb644b6bc94c7944d8Mark Andrews to the error log. [Rainer Jung]
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt *) configure: The "most" module set gets build by default. [Rainer Jung]
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt *) configure: Building dynamic modules (DSO) by default. [Rainer Jung]
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt *) configure: Fix broken VPATH build when using included APR.
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt [Rainer Jung]
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt *) mod_session_crypto: Fix configure problem when building
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt with APR 2 and for VPATH builds with included APR.
7ff28f5befbee76048a23e504dcd3f9a44ce6209Evan Hunt [Rainer Jung]
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews *) mod_session_crypto: API compatibility with APR 2 crypto and
cad79077bd5b2616bc4a7a6b3cbc0953bef8917fMark Andrews APR Util 1.x crypto. [Rainer Jung]
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews *) ab: Fix memory leak with -v2 and SSL. PR 49383.
adfe58e8e5cd1890585e92b67f1fd01989a1fa7dMark Andrews [Pavel Kankovsky <peak argo troja mff cuni cz>]
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews *) core: Add per-module and per-directory loglevel configuration.
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews Add some more trace logging.
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews mod_rewrite: Replace RewriteLog/RewriteLogLevel with trace log levels.
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews mod_ssl: Replace LogLevelDebugDump with trace log levels.
c3237dec879f82855403ff7e3ba87b298172efd5Mark Andrews mod_ssl/mod_proxy*: Adjust loglevels to be less verbose at levels info
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews mod_dumpio: Replace DumpIOLogLevel with trace log levels.
cb616c6d5c2ece1fac37fa6e0bca2b53d4043098Mark Andrews [Stefan Fritsch]
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns
c0a2210466dec0cc81ebf2ffbe21693b57b9c29cMark Andrews title page only) when any mod_ldap directives were used in VirtualHost
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews context. [Eric Covener]
534057c9f91a3eb6e0541f3526459c716239b337Mark Andrews *) mod_disk_cache: Decline the opportunity to cache if the response is
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews a 206 Partial Content. This stops a reverse proxied partial response
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews from becoming cached, and then being served in subsequent responses.
0f14b041328c062b1fa391887376388dfc8b2fe5Mark Andrews [Graham Leggett]
f7f4730e563a2749629fe7fef4cd9513cd2bfab7Mark Andrews *) mod_deflate: avoid the risk of forwarding data before headers are set.
f7f4730e563a2749629fe7fef4cd9513cd2bfab7Mark Andrews PR 49369 [Matthew Steele <mdsteele google.com>]
1848d38f441ebf70ab21f6151bc3487a92d25b63Mark Andrews *) mod_authnz_ldap: Ensure nested groups are checked when the
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews top-level group doesn't have any direct non-group members
2d82ed9456e72dc4373bea19d63411afe1c48962Mark Andrews of attributes in AuthLDAPGroupAttribute. [Eric Covener]
a5a1cbece45e6ca68aafe3b9b995eac6b0f45dd2Mark Andrews *) mod_authnz_ldap: Search or Comparison during authorization phase
a5a1cbece45e6ca68aafe3b9b995eac6b0f45dd2Mark Andrews can use the credentials from the authentication phase
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews (AuthLDAPSearchAsUSer,AuthLDAPCompareAsUser).
0d6328ce5f6b799f8e7c6cbbb3b965cf29bfb7baMark Andrews PR 48340 [Domenico Rotiroti, Eric Covener]
e01ef6f01c7e8f80122cd80a2e011425a0135489Mark Andrews *) mod_authnz_ldap: Allow the initial DN search during authentication
677f507de7c546c187c1505c48bc7b440545485cMark Andrews to use the HTTP username/pass instead of an anonymous or hard-coded
677f507de7c546c187c1505c48bc7b440545485cMark Andrews LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern).
677f507de7c546c187c1505c48bc7b440545485cMark Andrews [Eric Covener]
e01ef6f01c7e8f80122cd80a2e011425a0135489Mark Andrews *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix
677f507de7c546c187c1505c48bc7b440545485cMark Andrews when this module is used for authorization. See AuthLDAPAuthorizePrefix.
677f507de7c546c187c1505c48bc7b440545485cMark Andrews PR 45584 [Eric Covener]
677f507de7c546c187c1505c48bc7b440545485cMark Andrews *) apxs -q: Stop filtering out ':' characters from the reported values.
677f507de7c546c187c1505c48bc7b440545485cMark Andrews PR 45343. [Bill Cole]
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews *) prefork MPM: Run cleanups for final request when process exits gracefully.
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews PR 43857. [Tom Donovan]
677f507de7c546c187c1505c48bc7b440545485cMark Andrews *) ab: fix number of requests sent by ab when keepalive is enabled. PR 48497.
677f507de7c546c187c1505c48bc7b440545485cMark Andrews [Bryn Dole <dole blekko.com>]
bf459d24a117ae2c54c37016430b41cd6d73491cMark Andrews *) Log an error for failures to read a chunk-size, and return 408 instead of
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt 413 when this is due to a read timeout. This change also fixes some cases
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt of two error documents being sent in the response for the same scenario.
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt [Eric Covener] PR49167
f53e0bda467d96dfeeba1b4da30c37b37766bb75Evan Hunt *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień to control/set the nonce used in the balancer-manager application.
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień [Jim Jagielski]
81e3e3084980afcd61416f572c6e72d38a3808abMichał Kępień *) mod_proxy_connect: Support port ranges in AllowConnect. PR 23673.
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews [Stefan Fritsch]
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews *) Proxy balancer: support setting error status according to HTTP response
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews code from a backend. PR 48939. [Daniel Ruggeri <DRuggeri primary.net>]
64d7fa3ec4785b390665860aa6bdae304b3c1d24Mark Andrews *) htcacheclean: Introduce the ability to clean specific URLs from the
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews cache, if provided as an optional parameter on the command line.
75505befa93c993aa5d2df24a2b64eac0c34cbffMark Andrews [Graham Leggett]
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień *) core: Introduce the IncludeStrict directive, which explicitly fails
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień server startup if no files or directories match a wildcard path.
a38f07c73790170842e4523b4a474d01ca0dede1Michał Kępień [Graham Leggett]
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews *) htcacheclean: Report additional statistics about entries deleted.
39d5523a8afc73cbdb4fa426de2ce071267a5d6fMark Andrews PR 48944. [Mark Drayton mark markdrayton.info]
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień *) Introduce SSLFIPS directive to support OpenSSL FIPS_mode; permits all
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień builds of mod_ssl to use 'SSLFIPS off' for portability, but the proper
1f4a3c7088594d1b64cd734eb69e1fd023fde8bfMichał Kępień build of openssl is required for 'SSLFIPS on'. PR 46270.
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews [Dr Stephen Henson <steve openssl.org>, William Rowe]
91827e6fd3851a5fe129ef5409ff45833ca01a0eMark Andrews *) mod_proxy_http: Log the port of the remote server in various messages.
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień PR 48812. [Igor Galić <i galic brainsware org>]
35aae5884f410180706a89a9715bf9a85eeeb4b7Michał Kępień *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień connections and other protocol handlers (like mod_ftp). [Stefan Fritsch]
57b1d64d9ae12d56973716e96f9743a00d47af4aMichał Kępień *) mod_proxy_ajp: Really regard the operation a success, when the client
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień aborted the connection. In addition adjust the log message if the client
2d517e233ff3b3fcd272eb5b2e2d3db6d31a1681Michał Kępień aborted the connection. [Ruediger Pluem]
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews *) mod_ssl: Add the 'SSLInsecureRenegotiation' directive, which
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews allows insecure renegotiation with clients which do not yet
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews support the secure renegotiation protocol. [Joe Orton]
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews *) mod_ssl: Fix a potential I/O hang if a long list of trusted CAs
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews is configured for client cert auth. PR 46952. [Joe Orton]
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews *) core: Only log a 408 if it is no keepalive timeout. PR 39785
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews [Ruediger Pluem, Mark Montague <markmont umich.edu>]
09c3efda414314d7edcfb2aed9463fb935fc95a6Mark Andrews *) support/rotatelogs: Add -L option to create a link to the current
86d2f9abc8493321aacb0d540485de4d562fb734Mark Andrews log file. PR 48761 [<lyndon orthanc.ca>, Dan Poirier]
c7e57ce1b0bca9bc7da14bec485f7a7e3e4c761fMichał Kępień *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory
c7e57ce1b0bca9bc7da14bec485f7a7e3e4c761fMichał Kępień setting only, matching most of the documentation and examples.
3ed16e796dba90c96933c8a8a3f5b9404d8d3e61Mark Andrews PR 46541 [Paul Reder, Eric Covener]
3ed16e796dba90c96933c8a8a3f5b9404d8d3e61Mark Andrews *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument
14d8a144779b54b103d2da741a2242bf5f9052f7Mark Andrews types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener]
14d8a144779b54b103d2da741a2242bf5f9052f7Mark Andrews *) mod_negotiation: Preserve query string over multiviews negotiation.
70e041bea19b6ad9522b89c2299ad315a2deaafdMark Andrews This buglet was fixed for type maps in 2.2.6, but the same issue
70e041bea19b6ad9522b89c2299ad315a2deaafdMark Andrews affected multiviews and was overlooked.
70e041bea19b6ad9522b89c2299ad315a2deaafdMark Andrews PR 33112 [Joergen Thomsen <apache jth.net>]
67247b4a8304bac790648a351a95b8b0f4c512a6Mark Andrews *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert
eeb919b6f572e033d97cf001e4cd44aaff54e5dcMichał Kępień when some are not password-protected. [Eric Covener]
eeb919b6f572e033d97cf001e4cd44aaff54e5dcMichał Kępień *) Fix startup segfault when the Mutex directive is used but no loaded
a55438eda32ecebf43ead45b216662b7923a465fMark Andrews modules use httpd mutexes. PR 48787. [Jeff Trawick]
a55438eda32ecebf43ead45b216662b7923a465fMark Andrews *) Proxy: get the headers right in a HEAD request with
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt ProxyErrorOverride, by checking for an overridden error
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt before not after going into a catch-all code path.
8de17f83cafa91a5720dd0b8c1aee5f47f6d7f09Evan Hunt PR 41646. [Nick Kew, Stuart Children]
9789e54e55b61b669fb31a8b70e9655e8357dda2Mark Andrews *) support/rotatelogs: Support the simplest log rotation case, log
f8362536c647625e602c8450a778a2b7ba90c9f4Mark Andrews truncation. Useful when the log is being processed in real time
f8362536c647625e602c8450a778a2b7ba90c9f4Mark Andrews using a command like tail. [Graham Leggett]
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews *) support/htcacheclean: Teach it how to write a pid file (modelled on
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews httpd's writing of a pid file) so that it becomes possible to run
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews more than one instance of htcacheclean on the same machine.
24231e53a5c3079431f84dcddfee1e761fec7329Mark Andrews [Graham Leggett]
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień *) Log command line on startup, so there's a record of command line
4b669b69bae7dedda2faa09a7ade247499c1d49cMichał Kępień arguments like -f. PR 48752. [Dan Poirier]
eb11b39981689e4a20fbe95e533577eacab992b4Mukund Sivaraman *) Introduce mod_reflector, a handler capable of reflecting POSTed
eb11b39981689e4a20fbe95e533577eacab992b4Mukund Sivaraman request bodies back within the response through the output filter
eb11b39981689e4a20fbe95e533577eacab992b4Mukund Sivaraman stack. Can be used to turn an output filter into a web service.
8daeae9b01a2b7eb9fd6511b352b03bd7d96ae79Michał Kępień [Graham Leggett]
e7c0f978425f45731b08be1363f20626b0344f23Evan Hunt *) mod_proxy_http: Make sure that when an ErrorDocument is served
e7c0f978425f45731b08be1363f20626b0344f23Evan Hunt from a reverse proxied URL, that the subrequest respects the status
01967d183990e44752fe61f193dab9c04c3afd9cEvan Hunt of the original request. This brings the behaviour of proxy_handler
01967d183990e44752fe61f193dab9c04c3afd9cEvan Hunt in line with default_handler. PR 47106. [Graham Leggett]
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews *) Support wildcards in both the directory and file components of
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews the path specified by the Include directive. [Graham Leggett]
575e9d9e4b6beaae688f107814a320b91243a4b2Mark Andrews *) mod_proxy, mod_proxy_http: Support remote https proxies
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt by using HTTP CONNECT. PR 19188.
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt [Philippe Dutrueux <lilas evidian.com>, Rainer Jung]
7c442d7fe06bc95432af7513764e5cc85e133648Evan Hunt *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień [Philip M. Gollucci]
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień *) worker: Don't report server has reached MaxClients until it has.
5e1ca7a326741a8f74e6f2b907c7e1fbf428bf80Michał Kępień Add message when server gets within MinSpareThreads of MaxClients.
ba93bc80a7bce5ba07b2f98e68f0f57402f2459cMark Andrews PR 46996. [Dan Poirier]
8ed107eab48687887d45a1ceb18b712bc7209dbaTinderbox User *) mod_session: Session expiry was being initialised, but not updated
ba93bc80a7bce5ba07b2f98e68f0f57402f2459cMark Andrews on each session save, resulting in timed out sessions when there
5f103158280fb2e814db305f917aa42040221623Mark Andrews should not have been. Fixed. [Graham Leggett]
5f103158280fb2e814db305f917aa42040221623Mark Andrews *) mod_log_config: Add the R option to log the handler used within the
5f103158280fb2e814db305f917aa42040221623Mark Andrews request. [Christian Folini <christian.folini netnea com>]
e5715e1fe12e5ad17522bd41c31e637c869d27b7Evan Hunt *) mod_include: Allow fine control over the removal of Last-Modified and
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan Hunt ETag headers within the INCLUDES filter, making it possible to cache
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan Hunt responses if desired. Fix the default value of the SSIAccessEnable
b7b76d6b855cd4c1152c26d34fb61af05f965c5eEvan Hunt directive. [Graham Leggett]
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews *) Add new UnDefine directive to undefine a variable. PR 35350.
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews [Stefan Fritsch]
764e2f3413ca89d09abffb3eb228c8c820bf08b8Mark Andrews *) Make ap_pregsub(), used by AliasMatch and friends, use the same syntax
a06198688faca5c7bc1a35ec0ec18bc68c07691cEvan Hunt for regex backreferences as mod_rewrite and mod_include: Remove the use
a06198688faca5c7bc1a35ec0ec18bc68c07691cEvan Hunt of '&' as an alias for '$0' and allow to escape any character with a
a06198688faca5c7bc1a35ec0ec18bc68c07691cEvan Hunt backslash. PR 48351. [Stefan Fritsch]
50433a667cf0ed3ac7807768b745b0d870ff8c8bMark Andrews *) mod_authnz_ldap: If AuthLDAPCharsetConfig is set, also convert the
3c12bec945ee71a38c5ba6f624abd12e2da7eea5Mark Andrews password to UTF-8. PR 45318.
3c12bec945ee71a38c5ba6f624abd12e2da7eea5Mark Andrews [Johannes Müller <joh_m gmx.de>, Stefan Fritsch]
f44202ab640d22e17b4c74bdad7817622918bd27Mark Andrews *) ab: Fix calculation of requests per second in HTML output. PR 48594.
f44202ab640d22e17b4c74bdad7817622918bd27Mark Andrews [Stefan Fritsch]
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień password now result in an informational level log entry instead of
ad9772c559c6aa42f8930f4acf1a2d833a08040aMichał Kępień warning level. [Eric Covener]
5d7d67f82a8913fae5f1098e111fe50edb86cd5bEvan HuntChanges with Apache 2.3.5
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt *) SECURITY: CVE-2010-0434 (cve.mitre.org)
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt Ensure each subrequest has a shallow copy of headers_in so that the
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt parent request headers are not corrupted. Eliminates a problematic
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt optimization in the case of no request body. PR 48359
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt [Jake Scott, William Rowe, Ruediger Pluem]
6216df5ccded056abd5db4abac4e5cbd78c73f45Evan Hunt *) Turn static function get_server_name_for_url() into public
56e30ebae6fdb0bdf94419caff3a43fb2d16c5dfEvan Hunt ap_get_server_name_for_url() and use it where appropriate. This
56e30ebae6fdb0bdf94419caff3a43fb2d16c5dfEvan Hunt fixes mod_rewrite generating invalid URLs for redirects to IPv6
56e30ebae6fdb0bdf94419caff3a43fb2d16c5dfEvan Hunt literal addresses. [Stefan Fritsch]
56e30ebae6fdb0bdf94419caff3a43fb2d16c5dfEvan Hunt *) mod_ldap: Introduce new config option LDAPTimeout to set the timeout
c85920c0b4b2d4dc605c0b1d355881925bf410afMark Andrews for LDAP operations like bind and search. [Stefan Fritsch]
0612274565d80e0ad87a19920e561cce5bddb05bEvan Hunt *) mod_proxy, mod_proxy_ftp: Move ProxyFtpDirCharset from mod_proxy to
0612274565d80e0ad87a19920e561cce5bddb05bEvan Hunt mod_proxy_ftp. [Takashi Sato]
0612274565d80e0ad87a19920e561cce5bddb05bEvan Hunt *) mod_proxy, mod_proxy_connect: Move AllowCONNECT from mod_proxy to
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt mod_proxy_connect. [Takashi Sato]
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt *) mod_cache: Do an exact match of the keys defined by
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt CacheIgnoreURLSessionIdentifiers against the querystring instead of
f592d2f76cac7115038124c510d2ba3050334b4dEvan Hunt a partial match. PR 48401.
4ee1fbe056e812e661b856b4b448296331a40249Michał Kępień [Dodou Wang <wangdong.08 gmail.com>, Ruediger Pluem]
1c8aa38b53a0494fc7d4c3439594d1913987f264Mark Andrews *) mod_proxy_balancer: Fix crash in balancer-manager. [Rainer Jung]
1c8aa38b53a0494fc7d4c3439594d1913987f264Mark Andrews *) Core HTTP: disable keepalive when the Client has sent
1c8aa38b53a0494fc7d4c3439594d1913987f264Mark Andrews Expect: 100-continue
1c8aa38b53a0494fc7d4c3439594d1913987f264Mark Andrews but we respond directly with a non-100 response.
43d53a4e4b2f0f9482485a8ab764137a9898ab32Evan Hunt Keepalive here led to data from clients continuing being treated as
43d53a4e4b2f0f9482485a8ab764137a9898ab32Evan Hunt a new request.
43d53a4e4b2f0f9482485a8ab764137a9898ab32Evan Hunt PR 47087 [Nick Kew]
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień *) Core: reject NULLs in request line or request headers.
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień PR 43039 [Nick Kew]
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień *) Core: (re)-introduce -T commandline option to suppress documentroot
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień check at startup.
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień PR 41887 [Jan van den Berg <janvdberg gmail.com>]
b1ce9b3d54cd072adb5275f08a9afac31cfb4c1cMichał Kępień *) mod_autoindex: support XHTML as equivalent to HTML in IndexOptions,
5fa4be41a383cfbf5e1d195b18c04bdbf5603710Evan Hunt ScanHTMLTitles, ReadmeName, HeaderName
5fa4be41a383cfbf5e1d195b18c04bdbf5603710Evan Hunt PR 48416 [Dmitry Bakshaev <dab18 izhnet.ru>, Nick Kew]
2732d4922c2e72a399204320791acfd2fd3d6c7cMark Andrews *) Proxy: Fix ProxyPassReverse with relative URL
2732d4922c2e72a399204320791acfd2fd3d6c7cMark Andrews Derived (slightly erroneously) from PR 38864 [Nick Kew]
24ffba17f06746257d5c009ca8ebfe6043966d20Evan Hunt *) mod_headers: align Header Edit with Header Set when used on Content-Type
24ffba17f06746257d5c009ca8ebfe6043966d20Evan Hunt PR 48422 [Cyril Bonté <cyril.bonte free.fr>, Nick Kew>]
24ffba17f06746257d5c009ca8ebfe6043966d20Evan Hunt *) mod_headers: Enable multi-match-and-replace edit option
24ffba17f06746257d5c009ca8ebfe6043966d20Evan Hunt PR 47066 [Nick Kew]
21d58795b10a13fa7ac306f7146bdcb58b2e5165Mark Andrews *) mod_filter: enable it to act on non-200 responses.
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan Hunt PR 48377 [Nick Kew]
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan HuntChanges with Apache 2.3.4
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan Hunt *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex,
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan Hunt and WatchdogMutexPath with a single Mutex directive. Add APIs to
d5bd8bb71a8970d4ebc4701b3e9ec3efef4954b7Evan Hunt simplify setup and user customization of APR proc and global mutexes.
ad1317338af79edad878c9c3e4361798503310baMark Andrews (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
ad1317338af79edad878c9c3e4361798503310baMark Andrews respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick]
9519bb92d7f3f35015aecb84954dd21607cc2c80Evan Hunt *) http_core: KeepAlive no longer accepts other than On|Off.
9519bb92d7f3f35015aecb84954dd21607cc2c80Evan Hunt [Takashi Sato]
1c81aef28ddf0905344cc58dd3ea0ca539ef1414Evan Hunt *) mod_dav: Remove errno from dav_error interface. Calls to dav_new_error()
1c81aef28ddf0905344cc58dd3ea0ca539ef1414Evan Hunt and dav_new_error_tag() must be adjusted to add an apr_status_t parameter.
1c81aef28ddf0905344cc58dd3ea0ca539ef1414Evan Hunt [Jeff Trawick]
da1f585afa8c103508c759142d6aed4edae6936eMark Andrews *) mod_authnz_ldap: Add AuthLDAPBindAuthoritative to allow Authentication to
da1f585afa8c103508c759142d6aed4edae6936eMark Andrews try other providers in the case of an LDAP bind failure.
a8fa3e2d44ce6a8f4069d8f4229d29f5ba6a4a27Mukund Sivaraman PR 46608 [Justin Erenkrantz, Joe Schaefer, Tony Stevenson]
a8fa3e2d44ce6a8f4069d8f4229d29f5ba6a4a27Mukund Sivaraman *) Build: fix --with-module to work as documented
d71d41341d36ddfd347daab982f0cb85d3dd7c4eMark Andrews PR 43881 [Gez Saunders <gez.saunders virgin.net>]
d72952cf254b71c44e5e956a306016a5be9b9c38Mark AndrewsChanges with Apache 2.3.3
aae171c5421ac2ba665ff122e004e753e62bac45Mark Andrews *) SECURITY: CVE-2009-3095 (cve.mitre.org)
aae171c5421ac2ba665ff122e004e753e62bac45Mark Andrews mod_proxy_ftp: sanity check authn credentials.
6b183c64a3281491f8232959a5ece303b4499706Mark Andrews [Stefan Fritsch <sf fritsch.de>, Joe Orton]
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień *) SECURITY: CVE-2009-3094 (cve.mitre.org)
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień mod_proxy_ftp: NULL pointer dereference on error paths.
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień [Stefan Fritsch <sf fritsch.de>, Joe Orton]
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień *) mod_ssl: enable support for ECC keys and ECDH ciphers. Tested against
5a8f2f0cd67a5dd93d95e6a0935d4805721c3a0bMichał Kępień OpenSSL 1.0.0b3. [Vipul Gupta <vipul.gupta sun.com>, Sander Temme]
e2cc7418bf895d22854d84590b63905fac0d4b90Mark Andrews *) mod_dav: Include uri when logging a PUT error due to connection abort.
36ec0d374836d070ba05b495e6f0a27f60e94476Evan Hunt PR 38149. [Stefan Fritsch]
36ec0d374836d070ba05b495e6f0a27f60e94476Evan Hunt *) mod_dav: Return 409 instead of 500 for a LOCK request if the parent
e446fd29b9c6c4a7b6b5bb0aee3932578c346718Mukund Sivaraman resource does not exist or is not a collection. PR 43465. [Stefan Fritsch]
e446fd29b9c6c4a7b6b5bb0aee3932578c346718Mukund Sivaraman *) mod_dav_fs: Return 409 instead of 500 for Litmus test case copy_nodestcoll
027a4a5b5d806290146ce4989d34be2c8a664e8cMukund Sivaraman (a COPY request where the parent of the destination resource does not
027a4a5b5d806290146ce4989d34be2c8a664e8cMukund Sivaraman exist). PR 39299. [Stefan Fritsch]
b5252fcde512405a68dd4becfe683d9763bd0feaMukund Sivaraman *) mod_dav_fs: Don't delete the whole file if a PUT with content-range failed.
b5252fcde512405a68dd4becfe683d9763bd0feaMukund Sivaraman PR 42896. [Stefan Fritsch]
b5252fcde512405a68dd4becfe683d9763bd0feaMukund Sivaraman *) mod_dav_fs: Make PUT create files atomically and no longer destroy the
99056063905a9273ec59cf477ae747e0490182b7Mukund Sivaraman old file if the transfer aborted. PR 39815. [Paul Querna, Stefan Fritsch]
99056063905a9273ec59cf477ae747e0490182b7Mukund Sivaraman *) mod_dav_fs: Remove inode keyed locking as this conflicts with atomically
62f2fefaec754e6a4841ff0e72726e6c0cd89c86Michał Kępień creating files. On systems with inode numbers, this is a format change of
62f2fefaec754e6a4841ff0e72726e6c0cd89c86Michał Kępień the DavLockDB. The old DavLockDB must be deleted on upgrade.
62f2fefaec754e6a4841ff0e72726e6c0cd89c86Michał Kępień [Stefan Fritsch]
b351a5864727a390e06d787e522b141ca760590fMichał Kępień *) mod_log_config: Make ${cookie}C correctly match whole cookie names
b351a5864727a390e06d787e522b141ca760590fMichał Kępień instead of substrings. PR 28037. [Dan Franklin <dan dan-franklin.com>,
b351a5864727a390e06d787e522b141ca760590fMichał Kępień Stefan Fritsch]
b351a5864727a390e06d787e522b141ca760590fMichał Kępień *) vhost: A purely-numeric Host: header should not be treated as a port.
b351a5864727a390e06d787e522b141ca760590fMichał Kępień PR 44979 [Nick Kew]
8008de0b11bacb3de3a1016c8c0a46f3c0653184Mark Andrews *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
8008de0b11bacb3de3a1016c8c0a46f3c0653184Mark Andrews when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
8008de0b11bacb3de3a1016c8c0a46f3c0653184Mark Andrews LDAPReferralHopLimit is explicitly configured.
8008de0b11bacb3de3a1016c8c0a46f3c0653184Mark Andrews [Eric Covener]
7b4bfc0201ffbcd64a336b99c945891808c44af0Mark Andrews *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'.
7b4bfc0201ffbcd64a336b99c945891808c44af0Mark Andrews [Eric Covener]
7cd594b8427fe742d44295790ba367e1de22a47dEvan Hunt *) mod_ssl: Add support for OCSP Stapling. PR 43822.
7cd594b8427fe742d44295790ba367e1de22a47dEvan Hunt [Dr Stephen Henson <shenson oss-institute.org>]
c76e8412f4ff4f5945157410312df2a8950f942dMark Andrews *) mod_socache_shmcb: Allow parens in file name if cache size is given.
c76e8412f4ff4f5945157410312df2a8950f942dMark Andrews Fixes SSLSessionCache directive mis-parsing parens in pathname.
a2a0100e0fc73c0af67a7c9e3524816954448dc6Evan Hunt PR 47945. [Stefan Fritsch]
a2a0100e0fc73c0af67a7c9e3524816954448dc6Evan Hunt *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
1feffc6fdb1ba386b22d45ea2d2f1613e717cb9eMark Andrews *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
1feffc6fdb1ba386b22d45ea2d2f1613e717cb9eMark Andrews *) mod_sed: Reduce memory consumption when processing very long lines.
22bed621ef87bc8b6c1fea599b02c4b38dd6bf48Mark Andrews PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
22bed621ef87bc8b6c1fea599b02c4b38dd6bf48Mark Andrews *) ab: Fix segfault in case the argument for -n is a very large number.
68d7ff133c9a1b8cfe683c70e997d83395ffd155Evan Hunt PR 47178. [Philipp Hagemeister <oss phihag.de>]
68d7ff133c9a1b8cfe683c70e997d83395ffd155Evan Hunt *) Allow ProxyPreserveHost to work in <Proxy> sections. PR 34901.
e5f5675b1da287ed40aeff081ad2af86090e8d17Evan Hunt [Stefan Fritsch]
e5f5675b1da287ed40aeff081ad2af86090e8d17Evan Hunt *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again
29f0ced781d745591fd058e530a68a281cd7a510Evan Hunt for worker MPM. [Takashi Sato]
29f0ced781d745591fd058e530a68a281cd7a510Evan Hunt *) mod_dav: Provide a mechanism to obtain the request_rec and pathname
b9fd54f8d4572fe5dcaf9d4b74f6ecb8027cc450Evan Hunt from the dav_resource. [Jari Urpalainen <jari.urpalainen nokia.com>,
b9fd54f8d4572fe5dcaf9d4b74f6ecb8027cc450Evan Hunt Brian France <brian brianfrance.com>]
fcb5e646e4d775539e348fa21ba13307f2695bf5Mark Andrews *) Build: Use install instead of cp if available on installing
fcb5e646e4d775539e348fa21ba13307f2695bf5Mark Andrews modules to avoid segmentation fault. PR 47951. [hirose31 gmail.com]
a22c3cf51567651f74aee5c263c597b8d752c2ccMichał Kępień *) mod_cache: correctly consider s-maxage in cacheability
a22c3cf51567651f74aee5c263c597b8d752c2ccMichał Kępień decisions. [Dan Poirier]
a22c3cf51567651f74aee5c263c597b8d752c2ccMichał Kępień *) mod_logio/core: Report more accurate byte counts in mod_status if
b301c4293c082fcce4ec26218e6fad346976eb9eMark Andrews mod_logio is loaded. PR 25656. [Stefan Fritsch]
b301c4293c082fcce4ec26218e6fad346976eb9eMark Andrews *) mod_ldap: If LDAPSharedCacheSize is too small, try harder to purge
5c4e0c7800b5c7783e7f8b9ce80a6f8dc47f8856Mark Andrews some cache entries and log a warning. Also increase the default
5c4e0c7800b5c7783e7f8b9ce80a6f8dc47f8856Mark Andrews LDAPSharedCacheSize to 500000. This is a more realistic size suitable
5c4e0c7800b5c7783e7f8b9ce80a6f8dc47f8856Mark Andrews for the default values of 1024 for LdapCacheEntries/LdapOpCacheEntries.
6e1f755f19ef244422e1efa4551fe23775e1a38cMark Andrews PR 46749. [Stefan Fritsch]
6e1f755f19ef244422e1efa4551fe23775e1a38cMark Andrews *) mod_rewrite: Make sure that a hostname:port isn't fully qualified if
435a7cd2293dfa9264678508762ab9acb8d41e50Mark Andrews the request is a CONNECT request. [Bill Zajac <billz consultla.com>]
435a7cd2293dfa9264678508762ab9acb8d41e50Mark Andrews *) mod_cache: Teach CacheEnable and CacheDisable to work from within a
b7a823a402eb5c4e99f283e58d778a903d2e72f5Michał Kępień Location section, in line with how ProxyPass works. [Graham Leggett]
b7a823a402eb5c4e99f283e58d778a903d2e72f5Michał Kępień *) mod_reqtimeout: New module to set timeouts and minimum data rates for
c46c8e5c56ec4e81a39632e0036f20a6a3c18b8bMark Andrews receiving requests from the client. [Stefan Fritsch]
031bc55634f443c7c70fbf44c6ac6d8abe72f22bEvan Hunt *) core: Fix potential memory leaks by making sure to not destroy
031bc55634f443c7c70fbf44c6ac6d8abe72f22bEvan Hunt bucket brigades that have been created by earlier filters.
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews [Stefan Fritsch]
a64daf673deff2358a91bee26bbf2bf874f47c6eMark Andrews *) core, mod_deflate, mod_sed: Reduce memory usage by reusing bucket
0aadc6dd7b719539445e7a0a058b15dd9d982a9bMichał Kępień brigades in several places. [Stefan Fritsch]
0aadc6dd7b719539445e7a0a058b15dd9d982a9bMichał Kępień *) mod_cache: Fix uri_meets_conditions() so that CacheEnable will
0aadc6dd7b719539445e7a0a058b15dd9d982a9bMichał Kępień match by scheme, or by a wildcarded hostname. PR 40169
0aadc6dd7b719539445e7a0a058b15dd9d982a9bMichał Kępień [Peter Grandi <pg_asf asf.for.sabi.co.uk>, Graham Leggett]
f20ff8b74d21fa3e3f071544f6fd060d015cf27eMichał Kępień *) suxec: Allow to log an error if exec fails by setting FD_CLOEXEC
f20ff8b74d21fa3e3f071544f6fd060d015cf27eMichał Kępień on the log file instead of closing it. PR 10744. [Nicolas Rachinsky]
7ff682f3c628d785048bbe0242e6a32ea26c6747Michał Kępień *) mod_mime: Make RemoveType override the info from TypesConfig.
7ff682f3c628d785048bbe0242e6a32ea26c6747Michał Kępień PR 38330. [Stefan Fritsch]
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień *) mod_cache: Introduce the option to run the cache from within the
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień normal request handler, and to allow fine grained control over
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień where in the filter chain content is cached. [Graham Leggett]
abcea74291c37abf68be4e06997c59e5494f06adMark Andrews *) core: Treat timeout reading request as 408 error, not 400.
abcea74291c37abf68be4e06997c59e5494f06adMark Andrews Log 408 errors in access log as was done in Apache 1.3.x.
d748d8a4afc200800f6289683361a393b15ba6bfMichał Kępień PR 39785 [Nobutaka Mantani <nobutaka nobutaka.org>,
d748d8a4afc200800f6289683361a393b15ba6bfMichał Kępień Stefan Fritsch <sf fritsch.de>, Dan Poirier]
cbb33c87f4bcf415c840acb61c9d4642c3c2a8e0Michał Kępień *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN,
cbb33c87f4bcf415c840acb61c9d4642c3c2a8e0Michał Kępień SSL_SERVER_I_DN back to the environment variables to be set by mod_ssl.
cbb33c87f4bcf415c840acb61c9d4642c3c2a8e0Michał Kępień [Peter Sylvester <peter.sylvester edelweb.fr>]
324b00ad4950b00346f5ba2382a51709bd82afe9Mark Andrews *) mod_disk_cache: don't cache incomplete responses, per RFC 2616, 13.8.
296f5969a8dd6e3d1bb3761569c6a7070abd2e47Tinderbox User PR15866. [Dan Poirier]
4dc6fa1e92af7a62875b6f6f2931beefd58cb4faEvan Hunt *) ab: ab segfaults in verbose mode on https sites
4dc6fa1e92af7a62875b6f6f2931beefd58cb4faEvan Hunt PR46393. [Ryan Niebur]
b81b178ab919bdbd92021cfc7e6e8d971cd38e83Mark Andrews *) mod_dav: Allow other modules to become providers and add resource types
b81b178ab919bdbd92021cfc7e6e8d971cd38e83Mark Andrews to the DAV response. [Jari Urpalainen <jari.urpalainen nokia.com>,
bf216589c1a81e4431653a145b252b6ce367d7cdMark Andrews Brian France <brian brianfrance.com>]
7dbeb5e7f067585abfb12fac314a0d2a8f0dd040Evan Hunt *) mod_dav: Allow other modules to add things to the DAV or Allow headers
7dbeb5e7f067585abfb12fac314a0d2a8f0dd040Evan Hunt of an OPTIONS request. [Jari Urpalainen <jari.urpalainen nokia.com>,
6e10f87913db176724e89b52e686b0992898da75Mukund Sivaraman Brian France <brian brianfrance.com>]
6e10f87913db176724e89b52e686b0992898da75Mukund Sivaraman *) core: Lower memory usage of core output filter.
6e10f87913db176724e89b52e686b0992898da75Mukund Sivaraman [Stefan Fritsch <sf sfritsch.de>]
37f6466aa327a5b444e41c8cb57ab5caacfe6279Evan Hunt *) mod_mime: Detect invalid use of MultiviewsMatch inside Location and
37f6466aa327a5b444e41c8cb57ab5caacfe6279Evan Hunt LocationMatch sections. PR47754. [Dan Poirier]
37f6466aa327a5b444e41c8cb57ab5caacfe6279Evan Hunt *) mod_request: Make sure the KeptBodySize directive rejects values
4162d3b36d1a3c25724c7e37ce839f67b2352bbbMark Andrews that aren't valid numbers. [Graham Leggett]
4162d3b36d1a3c25724c7e37ce839f67b2352bbbMark Andrews *) mod_session_crypto: Sanity check should the potentially encrypted
ce6f0c122140647b5652c0d4de523c994fcfea08Michał Kępień session cookie be too short. [Graham Leggett]
f72f5879424ce4081893b306b8c31f29fe9205e0Evan Hunt *) mod_session.c: Prevent a segfault when session is added but not
f72f5879424ce4081893b306b8c31f29fe9205e0Evan Hunt configured. [Graham Leggett]
f72f5879424ce4081893b306b8c31f29fe9205e0Evan Hunt *) htcacheclean: 19 ways to fail, 1 error message. Fixed. [Graham Leggett]
1073e2001caee13cc1fa52de97feddd633d50fd8Evan Hunt *) mod_auth_digest: Fail server start when nonce count checking
1073e2001caee13cc1fa52de97feddd633d50fd8Evan Hunt is configured without shared memory, or md5-sess algorithm is
1073e2001caee13cc1fa52de97feddd633d50fd8Evan Hunt configured. [Dan Poirier]
1073e2001caee13cc1fa52de97feddd633d50fd8Evan Hunt *) mod_proxy_connect: The connect method doesn't work if the client is
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont connecting to the apache proxy through an ssl socket. Fixed.
11c4e6d8fcc9bc148543c1ee632315e096d2bcf2Michał Kępień PR29744. [Brad Boyer, Mark Cave-Ayland, Julian Gilbey, Fabrice Durand,
11c4e6d8fcc9bc148543c1ee632315e096d2bcf2Michał Kępień David Gence, Tim Dodge, Per Gunnar Hans, Emmanuel Elango,
11c4e6d8fcc9bc148543c1ee632315e096d2bcf2Michał Kępień Kevin Croft, Rudolf Cardinal]
59122481b2aa65de4518677c6949f03711d2553aEvan Hunt *) mod_ssl: The error message when SSLCertificateFile is missing should
59122481b2aa65de4518677c6949f03711d2553aEvan Hunt at least give the name or position of the problematic virtual host
59122481b2aa65de4518677c6949f03711d2553aEvan Hunt definition. [Stefan Fritsch sf sfritsch.de]
fe6d2fd8338d6f6ac4c79bea9a8daad903460040Evan Hunt *) mod_auth_digest: Fix null pointer when qop=none. [Dan Poirier]
fe6d2fd8338d6f6ac4c79bea9a8daad903460040Evan Hunt *) Add support for HTTP PUT to ab. [Jeff Barnes <jbarnesweb yahoo.com>]
05a456499af940762d6658366abafb220c5053ccMark Andrews *) mod_headers: generalise the envclause to support expression
05a456499af940762d6658366abafb220c5053ccMark Andrews evaluation with ap_expr parser [Nick Kew]
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0Mark Andrews *) mod_cache: Introduce the thundering herd lock, a mechanism to keep
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0Mark Andrews the flood of requests at bay that strike a backend webserver as
cb4e0ef4e2c8a942f99af6ecc6aa564c903b00a0Mark Andrews a cached entity goes stale. [Graham Leggett]
e3efc855f9f0acc9b14bb8e9c833e0fa209068b6Mark Andrews *) mod_auth_digest: Fix usage of shared memory and re-enable it.
e3efc855f9f0acc9b14bb8e9c833e0fa209068b6Mark Andrews PR 16057 [Dan Poirier]
e56c0854589d936f911e0aac2f2bf53cbc8a6af7Michał Kępień *) Preserve Port information over internal redirects
e56c0854589d936f911e0aac2f2bf53cbc8a6af7Michał Kępień PR 35999 [Jonas Ringh <jonas.ringh cixit.se>]
6727802528c27484e0d36d70f0b936022d3226e3Michał Kępień *) Proxy: unable to connect to a backend is SERVICE_UNAVAILABLE,
6727802528c27484e0d36d70f0b936022d3226e3Michał Kępień rather than BAD_GATEWAY or (especially) NOT_FOUND.
6727802528c27484e0d36d70f0b936022d3226e3Michał Kępień PR 46971 [evanc nortel.com]
4d41be5f9e86c11a6f00e2b005cfc5abae2c1ab3Mark Andrews *) Various modules: Do better checking of pollset operations in order to
bfde61d5194a534d800f3b90008d1f52261922c5Mark Andrews avoid segmentation faults if they fail. PR 46467
bfde61d5194a534d800f3b90008d1f52261922c5Mark Andrews [Stefan Fritsch <sf sfritsch.de>]
42ae02626d05921ca7508ae6f9c48ea699596bc6Mark Andrews *) mod_autoindex: Correctly create an empty cell if the description
6b56350522d18f10edbf2d3778cd0fea74e4f3d2Mark Andrews for a file is missing. PR 47682 [Peter Poeml <poeml suse.de>]
42ae02626d05921ca7508ae6f9c48ea699596bc6Mark Andrews *) ab: Fix broken error messages after resolver or connect() failures.
41caed6e2d7e9caace30e6c59f199ab6bd438f01Mark Andrews [Jeff Trawick]
16f43564c6875e2bedd346c18c494933ad51e4faMukund Sivaraman *) SECURITY: CVE-2009-1890 (cve.mitre.org)
16f43564c6875e2bedd346c18c494933ad51e4faMukund Sivaraman Fix a potential Denial-of-Service attack against mod_proxy in a
16f43564c6875e2bedd346c18c494933ad51e4faMukund Sivaraman reverse proxy configuration, where a remote attacker can force a
16f43564c6875e2bedd346c18c494933ad51e4faMukund Sivaraman proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton]
72b322cde0e51c4c87df0c9e3226deac95dfb4ceMark Andrews *) SECURITY: CVE-2009-1191 (cve.mitre.org)
28ea558bc80f75e46d77ea0533232bb9d4e644f7Mark Andrews mod_proxy_ajp: Avoid delivering content from a previous request which
28ea558bc80f75e46d77ea0533232bb9d4e644f7Mark Andrews failed to send a request body. PR 46949 [Ruediger Pluem]
8ed6c49f1a7f06d3ed39bee7731ff91d8dfd8dc7Mark Andrews *) htdbm: Fix possible buffer overflow if dbm database has very
447dfe4f115b17274eabf1087f035634e1129bb9Mark Andrews long values. PR 30586 [Dan Poirier]
6045abbc9a0d7d449a13b6fbfbf32d419b6bee96Mark Andrews *) core: Return APR_EOF if request body is shorter than the length announced
6045abbc9a0d7d449a13b6fbfbf32d419b6bee96Mark Andrews by the client. PR 33098 [ Stefan Fritsch <sf sfritsch.de>]
f7d148398ca4511551c737e655b15f7d0d59a783Mark Andrews *) mod_suexec: correctly set suexec_enabled when httpd is run by a
f7d148398ca4511551c737e655b15f7d0d59a783Mark Andrews non-root user and may have insufficient permissions.
3a84275b10ab16965e86f6ca97e70c1bdca885a0Mark Andrews PR 42175 [Jim Radford <radford blackbean.org>]
3a84275b10ab16965e86f6ca97e70c1bdca885a0Mark Andrews *) mod_ssl: Fix SSL_*_DN_UID variables to use the 'userID' attribute
3a84275b10ab16965e86f6ca97e70c1bdca885a0Mark Andrews type. PR 45107. [Michael Ströder <michael stroeder.com>,
398834f7559617bdfd6c10ba555609a2f306e3d4Mark Andrews *) mod_proxy_http: fix case sensitivity checking transfer encoding
398834f7559617bdfd6c10ba555609a2f306e3d4Mark Andrews PR 47383 [Ryuzo Yamamoto <ryuzo.yamamoto gmail.com>]
28061f80b698171892e81c0856bc722190947998Evan Hunt *) mod_alias: ensure Redirect issues a valid URL.
28061f80b698171892e81c0856bc722190947998Evan Hunt PR 44020 [HÃ¥kon Stordahl <hakon stordahl.org>]
a785bf2c39c6f223a93c27bbff81591b38095577Mark Andrews *) mod_dir: add FallbackResource directive, to enable admin to specify
a785bf2c39c6f223a93c27bbff81591b38095577Mark Andrews an action to happen when a URL maps to no file, without resorting
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt to ErrorDocument or mod_rewrite. PR 47184 [Nick Kew]
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt *) mod_cgid: Do not leak the listening Unix socket file descriptor to the
a03f4b1ea4f1a4a70963fbeb606841c217f9e5f3Evan Hunt CGI process. PR 47335 [Kornél Pál <kornelpal gmail.com>]
d315545e6db6792692fe2dcb788ac6717a33b75fEvan Hunt *) mod_rewrite: Remove locking for writing to the rewritelog.
d315545e6db6792692fe2dcb788ac6717a33b75fEvan Hunt PR 46942 [Dan Poirier <poirier pobox.com>]
00f131293520b70728cd48840e09953fa45a745bMark Andrews *) mod_alias: check sanity in Redirect arguments.
00f131293520b70728cd48840e09953fa45a745bMark Andrews PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
b2e71853060a384070d422afda6d1c692ff608e3Mark Andrews *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
b2e71853060a384070d422afda6d1c692ff608e3Mark Andrews PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
b2e71853060a384070d422afda6d1c692ff608e3Mark Andrews *) mod_cache: Add CacheIgnoreURLSessionIdentifiers directive to ignore
42c1acfa478aacfbda2d298cf74a137de2df4b87Michał Kępień defined session identifiers encoded in the URL when caching.
42c1acfa478aacfbda2d298cf74a137de2df4b87Michał Kępień [Ruediger Pluem]
214b53880b6d77359f60feccb91bd2589059300aEvan Hunt *) mod_rewrite: Fix the error string returned by RewriteRule.
214b53880b6d77359f60feccb91bd2589059300aEvan Hunt RewriteRule returned "RewriteCond: bad flag delimiters" when the 3rd
214b53880b6d77359f60feccb91bd2589059300aEvan Hunt argument of RewriteRule was not started with "[" or not ended with "]".
dd5375de0a7a515ee4fb2fd217e9577259d38c07Mark Andrews PR 45082 [Vitaly Polonetsky <m_vitaly topixoft.com>]
dd5375de0a7a515ee4fb2fd217e9577259d38c07Mark Andrews *) Windows: Fix usage message.
3a58e1fefb0a9fd5dab11f271a320c6b90473f76Mukund Sivaraman [Rainer Jung]
3a58e1fefb0a9fd5dab11f271a320c6b90473f76Mukund Sivaraman *) apachectl: When passing through arguments to httpd in
7c67b8c2b076971e6a9f8b0db932201366f13d47Mark Andrews non-SysV mode, use the "$@" syntax to preserve arguments.
7c67b8c2b076971e6a9f8b0db932201366f13d47Mark Andrews [Eric Covener]
5aed5dc329a2bf1340e9ff2256c1cf4e3005ea0bMark Andrews *) mod_dbd: add DBDInitSQL directive to enable SQL statements to
5aed5dc329a2bf1340e9ff2256c1cf4e3005ea0bMark Andrews be run when a connection is opened. PR 46827
387f5e872d40426acbc739d2e9b2bb37c123dd56Mark Andrews [Marko Kevac <mkevac gmail.com>]
c28e44f3f8bc46c6bf1c15cc06af0c42fcd7e924Evan Hunt *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock).
c28e44f3f8bc46c6bf1c15cc06af0c42fcd7e924Evan Hunt PR 47037. [Jeff Trawick]
3440cf9c60cd5d35634e7f274fd3eccbba2173a5Evan Hunt *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
3440cf9c60cd5d35634e7f274fd3eccbba2173a5Evan Hunt protocol. [Mladen Turk]
387f5e872d40426acbc739d2e9b2bb37c123dd56Mark Andrews *) mod_proxy_ajp: Forward remote port information by default.
541ce84ff2f0c54340da8b3e04c5686ed82420e1Mark Andrews [Rainer Jung]
032d2134a4c1808696688db9bf6f20253e5d05b5Mark Andrews *) Allow MPMs to be loaded dynamically, as with most other modules. Use
032d2134a4c1808696688db9bf6f20253e5d05b5Mark Andrews --enable-mpms-shared={list|"all"} to enable. This required changes to
032d2134a4c1808696688db9bf6f20253e5d05b5Mark Andrews the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed
fb9ef31fed818384ef8997f2dc5f27252c6f767eEvan Hunt header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child,
fb9ef31fed818384ef8997f2dc5f27252c6f767eEvan Hunt ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be
fb9ef31fed818384ef8997f2dc5f27252c6f767eEvan Hunt called until after the register-hooks phase. [Jeff Trawick]
823ccd1f02802966395d58c916e9f988320fd6eeEvan Hunt *) mod_ssl: Add SSLProxyCheckPeerExpire and SSLProxyCheckPeerCN directives
823ccd1f02802966395d58c916e9f988320fd6eeEvan Hunt to enable stricter checking of remote server certificates.
b6fa637fc8c92f42a21e6f97259598968717af3dEvan Hunt [Ruediger Pluem]
b6fa637fc8c92f42a21e6f97259598968717af3dEvan Hunt *) ab: Fix a 100% CPU loop on platforms where a failed non-blocking connect
b6fa637fc8c92f42a21e6f97259598968717af3dEvan Hunt returns EINPROGRESS and a subsequent poll() returns only POLLERR.
ace5680c122ef239e64eec1120f13f5a7f087d79Mark Andrews Observed on HP-UX. [Eric Covener]
ace5680c122ef239e64eec1120f13f5a7f087d79Mark Andrews *) Remove broken support for BeOS, TPF, and even older platforms such
59d940391ce90963cd3f4b22201b3fca2ffda22aMark Andrews as A/UX, Next, and Tandem. [Jeff Trawick]
59d940391ce90963cd3f4b22201b3fca2ffda22aMark Andrews *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with
6b432e11497f905a6b6f048df3e8a01ce8abbb1eMark Andrews globbing characters to be retrieved instead of converted into a
6b432e11497f905a6b6f048df3e8a01ce8abbb1eMark Andrews directory listing. PR 46789 [Dan Poirier <poirier pobox.com>]
cb9345c996de9d9c990009f14fc83fbbe9c5e3e6Mark Andrews *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation
cb9345c996de9d9c990009f14fc83fbbe9c5e3e6Mark Andrews of module state across unload/load. [Jeff Trawick]
c935952ede45595a821cfed7f73b57f3b239ca2bMark Andrews *) mod_substitute: Fix a memory leak. PR 44948
c935952ede45595a821cfed7f73b57f3b239ca2bMark Andrews [Dan Poirier <poirier pobox.com>]
9604a49da0130534f2f4aaa0cbfa78b5f589196fMark AndrewsChanges with Apache 2.3.2
9604a49da0130534f2f4aaa0cbfa78b5f589196fMark Andrews *) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
da5b569ddb9b8bf84242f3085d18e215ec490fdaMark Andrews *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
da5b569ddb9b8bf84242f3085d18e215ec490fdaMark Andrews HTML injections and HTTP response splitting. PR 46837.
c83a3061551c86bd661839be935de061f7322f5cEvan Hunt [Geoff Keating <geoffk apple.com>]
c83a3061551c86bd661839be935de061f7322f5cEvan Hunt *) mod_ssl: add support for type-safe STACK constructs in OpenSSL
c83a3061551c86bd661839be935de061f7322f5cEvan Hunt development HEAD. PR 45521. [Kaspar Brand, Sander Temme]
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews *) ab: Fix maintenance of the pollset to resolve EALREADY errors
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris).
ac9072210cea5283e554f1787876b647a08fda96Mark Andrews PR 44584. Use APR_POLLSET_NOCOPY for better performance with some
512765ba1e3f0b29e2c1ae4b0138838c6422f2bdEvan Hunt pollset implementations. [Jeff Trawick]
27a262bc4d38c7a8230677ac2685ec7a4f509f70Mark Andrews *) mod_disk_cache: The module now turns off sendfile support if
27a262bc4d38c7a8230677ac2685ec7a4f509f70Mark Andrews 'EnableSendfile off' is defined globally. [Lars Eilebrecht]
27a262bc4d38c7a8230677ac2685ec7a4f509f70Mark Andrews *) mod_deflate: Adjust content metadata before bailing out on 304
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund Sivaraman responses so that the metadata does not differ from 200 response.
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund Sivaraman [Roy T. Fielding]
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund Sivaraman *) mod_deflate: Fix creation of invalid Etag headers. We now make sure
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund Sivaraman that the Etag value is properly quoted when adding the gzip marker.
3b38e4b8344cb3bb28f2b116d2e39f8371ef8e34Mukund Sivaraman PR 39727, 45023. [Lars Eilebrecht, Roy T. Fielding]
0d24df5c0b2f9546f403113df8ac4457223bc92fEvan Hunt *) Added 20x22 icons for ODF, SVG, and XML documents. PR 37185.
0d24df5c0b2f9546f403113df8ac4457223bc92fEvan Hunt [Peter Harlow]
7c1c9b4dcd9efa507cdb58d3d83e99ab4836096dMark Andrews *) Disabled DefaultType directive and removed ap_default_type()
7c1c9b4dcd9efa507cdb58d3d83e99ab4836096dMark Andrews from core. We now exclude Content-Type from responses for which
7c1c9b4dcd9efa507cdb58d3d83e99ab4836096dMark Andrews a media type has not been configured via mime.types, AddType,
9689922a0d936b04feb418fbaf4c1420f745ea58Mark Andrews ForceType, or some other mechanism. PR 13986. [Roy T. Fielding]
9689922a0d936b04feb418fbaf4c1420f745ea58Mark Andrews *) mod_rewrite: Add IPV6 variable to RewriteCond
02989eceeff85cd6c5dd31848a12674f74bba7cfEvan Hunt [Ryan Phillips <ryan-apache trolocsis.com>]
02989eceeff85cd6c5dd31848a12674f74bba7cfEvan Hunt *) core: Enhance KeepAliveTimeout to support a value in milliseconds.
34f649fa22a16acb488ccf0f8a41d541c6ba7da1Evan Hunt PR 46275. [Takashi Sato]
34f649fa22a16acb488ccf0f8a41d541c6ba7da1Evan Hunt *) rotatelogs: Allow size units B, K, M, G and combination of
34f649fa22a16acb488ccf0f8a41d541c6ba7da1Evan Hunt time and size based rotation. [Rainer Jung]
8b9c4592ed718c4187971f1104381faf538bf4f7Evan Hunt *) rotatelogs: Add flag for verbose (debug) output. [Rainer Jung]
8b9c4592ed718c4187971f1104381faf538bf4f7Evan Hunt *) mod_ssl: Fix merging of SSLRenegBufferSize directive. PR 46508
264e17e73941059877ccf3c96f26aac15a25500bMukund Sivaraman *) core: Translate the the status line to ASCII on EBCDIC platforms in
264e17e73941059877ccf3c96f26aac15a25500bMukund Sivaraman ap_send_interim_response() and for locally generated "100 Continue"
9a8b2b3ab35fbbdf03acba32dade90ad91f75742Mukund Sivaraman responses. [Eric Covener]
9a8b2b3ab35fbbdf03acba32dade90ad91f75742Mukund Sivaraman *) prefork: Fix child process hang during graceful restart/stop in
eeb16584fbd3564136cb4c950fc5e1b54690de68Mukund Sivaraman configurations with multiple listening sockets. PR 42829. [Joe Orton,
eeb16584fbd3564136cb4c950fc5e1b54690de68Mukund Sivaraman Jeff Trawick]
eeb16584fbd3564136cb4c950fc5e1b54690de68Mukund Sivaraman *) mod_session_crypto: Ensure that SessionCryptoDriver can only be
eeb16584fbd3564136cb4c950fc5e1b54690de68Mukund Sivaraman set in the global scope. [Graham Leggett]
9540b42695c15fdd5f01b4c663e21936e6c38c82Mukund Sivaraman *) mod_ext_filter: We need to detect failure to startup the filter
9540b42695c15fdd5f01b4c663e21936e6c38c82Mukund Sivaraman program (a mangled response is not acceptable). Fix to detect
9540b42695c15fdd5f01b4c663e21936e6c38c82Mukund Sivaraman failure, and offer configuration option either to abort or
9540b42695c15fdd5f01b4c663e21936e6c38c82Mukund Sivaraman to remove the filter and continue.
fec9247b8f1ab52e999643ae03f0550387ec359fMukund Sivaraman PR 41120 [Nick Kew]
fec9247b8f1ab52e999643ae03f0550387ec359fMukund Sivaraman *) mod_session_crypto: Rewrite the session_crypto module against the
fec9247b8f1ab52e999643ae03f0550387ec359fMukund Sivaraman apr_crypto API. [Graham Leggett]
0d7548ee341c83c540624a423e2c701b6e9ddc4eEvan Hunt *) mod_auth_form: Fix a pool lifetime issue, don't remove the subrequest
0d7548ee341c83c540624a423e2c701b6e9ddc4eEvan Hunt until the main request is cleaned up. [Graham Leggett]
2883bbaef3b2b712acfb89358f5a9c7ebb62733bEvan HuntChanges with Apache 2.3.1
527163f0e5e8639bcceb7fe52387285042f5b24cEvan Hunt *) ap_slotmem: Add in new slot-based memory access API impl., including
62a6147e51fd1ccb9ec1c1b6c97b6e9b9ef1f002Evan Hunt 2 providers (mod_sharedmem and mod_plainmem) [Jim Jagielski,
62a6147e51fd1ccb9ec1c1b6c97b6e9b9ef1f002Evan Hunt Jean-Frederic Clere, Brian Akins <brian.akins turner.com>]
4c432aae90bc9b220725ca7df5a6af40cf4c74b3Mark Andrews *) mod_include: support generating non-ASCII characters as entities in SSI
4c432aae90bc9b220725ca7df5a6af40cf4c74b3Mark Andrews PR 25202 [Nick Kew]
3195754154292f0651c195433607696a259a98e2Evan Hunt *) core/utils: Enhance ap_escape_html API to support escaping non-ASCII chars
3195754154292f0651c195433607696a259a98e2Evan Hunt PR 25202 [Nick Kew]
911576956388270fe2401fbf9236d8879d2795e9Evan Hunt *) mod_rewrite: fix "B" flag breakage by reverting r5589343
911576956388270fe2401fbf9236d8879d2795e9Evan Hunt PR 45529 [Bob Ionescu <bobsiegen googlemail.com>]
fd0d60b3a0139c040fedb0bb765fd9667831412eMark Andrews *) CGI: return 504 (Gateway timeout) rather than 500 when a script
fd0d60b3a0139c040fedb0bb765fd9667831412eMark Andrews times out before returning status line/headers.
fd0d60b3a0139c040fedb0bb765fd9667831412eMark Andrews PR 42190 [Nick Kew]
3001a1b4e6298466882a4147307b4c28a3b08f91Mark Andrews *) mod_cgid: fix segfault problem on solaris.
3001a1b4e6298466882a4147307b4c28a3b08f91Mark Andrews PR 39332 [Masaoki Kobayashi <masaoki techfirm.co.jp>]
1bce43adcc11d21afaf645cbe466553aabc725b2Mark Andrews *) mod_proxy_scgi: Added. [André Malo]
da4823c08a9a41e7b5ff1f3a83c80007f60fd21cMark Andrews *) mod_cache: Introduce 'no-cache' per-request environment variable
da4823c08a9a41e7b5ff1f3a83c80007f60fd21cMark Andrews to prevent the saving of an otherwise cacheable response.
52cae869e0296713b764f6065bdad80832d4c493Mark Andrews [Eric Covener]
52cae869e0296713b764f6065bdad80832d4c493Mark Andrews *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome
403e7b451207fe6514a5d641562713b1af233b9cEvan Hunt way that per-directory rewrites append the previous notion of PATH_INFO
403e7b451207fe6514a5d641562713b1af233b9cEvan Hunt to each substitution before evaluating subsequent rules.
403e7b451207fe6514a5d641562713b1af233b9cEvan Hunt PR 38642 [Eric Covener]
62b5dd5b09cb575281f8193476b58a4bd9870fc9Evan Hunt *) mod_cgid: Do not add an empty argument when calling the CGI script.
7fcbbd6fa9ed199cf6947bb6b204da5438211faaMark Andrews PR 46380 [Ruediger Pluem]
8c31a25f3ff5d6783c7add7c887e52f7031d173dMark Andrews *) scoreboard: Remove unused sb_type from process_score.
8c31a25f3ff5d6783c7add7c887e52f7031d173dMark Andrews [Torsten Foertsch <torsten.foertsch gmx.net>, Chris Darroch]
8bcd80824c51c802c2927236b012cd526f569b04Mark Andrews *) mod_ssl: Add SSLRenegBufferSize directive to allow changing the
3be4330b77e6de0c6aa7cca74c1ae17fc661ac32Tinderbox User size of the buffer used for the request-body where necessary
8bcd80824c51c802c2927236b012cd526f569b04Mark Andrews during a per-dir renegotiation. PR 39243. [Joe Orton]
7fcbbd6fa9ed199cf6947bb6b204da5438211faaMark Andrews *) mod_proxy_fdpass: New module to pass a client connection over to a separate
7fcbbd6fa9ed199cf6947bb6b204da5438211faaMark Andrews process that is reading from a unix daemon socket.
559cbe04e73cf601784a371e09554c20407a6c7bEvan Hunt *) mod_ssl: Improve environment variable extraction to be more
559cbe04e73cf601784a371e09554c20407a6c7bEvan Hunt efficient and to correctly handle DNs with duplicate tags.
559cbe04e73cf601784a371e09554c20407a6c7bEvan Hunt PR 45975. [Joe Orton]
6ef61e764583887172e27c3bc681e36cfa27b469Mark Andrews *) Remove the obsolete serial attribute from the RPM spec file. Compile
94a94fca2444bb18b4bf74d6c5dbcbb89f139237Mark Andrews against the external pcre. Add missing binaries fcgistarter, and
b81977ae70138c9befd8fa4bb66b6145e1986561Mark Andrews mod_socache* and mod_session*. [Graham Leggett]
43769594c0e42e9822ef71daee8bbf35252d9300Evan HuntChanges with Apache 2.3.0
9ecedaea58defeadaf54dfc1211270653e0657ceMark Andrews *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna]
fc8c8966c906b305cb8b416a8f23f21abf103b7fEvan Hunt *) Remove X-Pad header which was added as a work around to a bug in
fc8c8966c906b305cb8b416a8f23f21abf103b7fEvan Hunt Netscape 2.x to 4.0b2. [Takashi Sato <takashi lans-tv.com>]
fc8c8966c906b305cb8b416a8f23f21abf103b7fEvan Hunt *) Add DTrace Statically Defined Tracing (SDT) probes.
07b7a3eadeda94eddd50977c9582dae2f955b638Evan Hunt [Theo Schlossnagle <jesus omniti.com>, Paul Querna]
07b7a3eadeda94eddd50977c9582dae2f955b638Evan Hunt *) mod_proxy_balancer: Move all load balancing implementations
07b7a3eadeda94eddd50977c9582dae2f955b638Evan Hunt as individual, self-contained mod_proxy submodules under
85a26f938eac3e147a48f671f6a6b5ee9cd1767dEvan Hunt *) Rename APIs to include ap_ prefix:
4901f2c10b4393fd4407c8feb022c3415ab323c7Mark Andrews find_child_by_pid -> ap_find_child_by_pid
4901f2c10b4393fd4407c8feb022c3415ab323c7Mark Andrews suck_in_APR -> ap_suck_in_APR
4901f2c10b4393fd4407c8feb022c3415ab323c7Mark Andrews sys_privileges_handlers -> ap_sys_privileges_handlers
8e9dbb62224ce4d7342b0e7db96cf31e415aaaf0Evan Hunt unixd_accept -> ap_unixd_accept
8e9dbb62224ce4d7342b0e7db96cf31e415aaaf0Evan Hunt unixd_config -> ap_unixd_config
8e9dbb62224ce4d7342b0e7db96cf31e415aaaf0Evan Hunt unixd_killpg -> ap_unixd_killpg
8e9dbb62224ce4d7342b0e7db96cf31e415aaaf0Evan Hunt unixd_set_global_mutex_perms -> ap_unixd_set_global_mutex_perms
b5ad0916242ca4ce3f053efe78c1725dce996717Mark Andrews unixd_set_proc_mutex_perms -> ap_unixd_set_proc_mutex_perms
b5ad0916242ca4ce3f053efe78c1725dce996717Mark Andrews unixd_set_rlimit -> ap_unixd_set_rlimit
e2ec0753ce8ed53c870141541b34ebb44598cef7Tinderbox User [Paul Querna]
da23e32e410eb9b106ae926858140303bfd1d96fMark Andrews *) mod_lbmethod_heartbeat: New module to load balance mod_proxy workers
da23e32e410eb9b106ae926858140303bfd1d96fMark Andrews based on heartbeats. [Paul Querna]
18ab9a0a34ea025a6bbb09b711b00cfa11eec1b5Evan Hunt *) mod_heartmonitor: New module to collect heartbeats, and write out a file
832f5803f69f4548ba3777f8b5741768bbbf5f75Mark Andrews so that other modules can load balance traffic as needed. [Paul Querna]
832f5803f69f4548ba3777f8b5741768bbbf5f75Mark Andrews *) mod_heartbeat: New module to generate multicast heartbeats to know if a
5688a47c152def63dd2f5fb9a93911a0df46162eTinderbox User server is online. [Paul Querna]
832f5803f69f4548ba3777f8b5741768bbbf5f75Mark Andrews *) mod_buffer: Honour the flush bucket and flush the buffer in the
4441328a1d38bbb2ec20a0a219b84d472312da26Mark Andrews input filter. Make sure that metadata buckets are written to
8ce73e5c8cd5e985310ad42b76e8cacee406cb34Mark Andrews the buffer, not to the final brigade. [Graham Leggett]
f2e8131f508ca9c92bf7601c80db3c9e1d3bc4ebMark Andrews *) mod_buffer: Optimise the buffering of heap buckets when the heap
22e3ffcf2c52114092b2dbdf2bc1872371c96192Mark Andrews buckets stay exactly APR_BUCKET_BUFF_SIZE long. [Graham Leggett,
22e3ffcf2c52114092b2dbdf2bc1872371c96192Mark Andrews Ruediger Pluem]
7bcba68b9510908c07d6c2568faca06629511660Mark Andrews *) mod_buffer: Optional support for buffering of the input and output
7bcba68b9510908c07d6c2568faca06629511660Mark Andrews filter stacks. Can collapse many small buckets into fewer larger
2cee8eadec6545fb0ce10fb8c1d7b60870ec2fb4Mark Andrews buckets, and prevents excessively small chunks being sent over
2cee8eadec6545fb0ce10fb8c1d7b60870ec2fb4Mark Andrews the wire. [Graham Leggett]
2cee8eadec6545fb0ce10fb8c1d7b60870ec2fb4Mark Andrews *) mod_privileges: new module to make httpd on Solaris privileges-aware
81df1363fbd13f3a80987704c23e14413e6f1d2aMark Andrews and to enable different virtualhosts to run with different
81df1363fbd13f3a80987704c23e14413e6f1d2aMark Andrews privileges and Unix user/group IDs [Nick Kew]
08397f5b6ca783a8c55f48b827201b75c3fca4bfMark Andrews *) mod_mem_cache: this module has been removed. [William Rowe]
08397f5b6ca783a8c55f48b827201b75c3fca4bfMark Andrews *) authn/z: Remove mod_authn_default and mod_authz_default.
e63d63dc8510c669e1575b2762265842e8783822Evan Hunt [Chris Darroch]
e63d63dc8510c669e1575b2762265842e8783822Evan Hunt *) authz: Fix handling of authz configurations, make default authz
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan Hunt logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan Hunt and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan Hunt directives. [Chris Darroch]
d6080de9be23024f5f7a1e40d0cb06df94cdcb72Mark Andrews *) mod_authn_core: Prevent crash when provider alias created to
2a2618356ecdf5962230fe11606d2b106a638295Tinderbox User provider which is not yet registered. [Chris Darroch]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk *) mod_authn_core: Add AuthType of None to support disabling
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk authentication. [Chris Darroch]
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk *) core: Allow <Limit> and <LimitExcept> directives to nest, and
b1866070ef4fb9e17bff16ad458f629bbc5a4accwpk constrain their use to conform with that of other access control
6b45fd062bbcf2986078bf25b2b617b844a9fde4Mark Andrews and authorization directives. [Chris Darroch]
6b45fd062bbcf2986078bf25b2b617b844a9fde4Mark Andrews *) unixd: turn existing code into a module, and turn the set user/group
6b45fd062bbcf2986078bf25b2b617b844a9fde4Mark Andrews and chroot into a child_init function. [Nick Kew]
72cae054ad81a985f1e0023f9ff92b6ff1872183Mark Andrews *) mod_dir: Support "DirectoryIndex disabled"
72cae054ad81a985f1e0023f9ff92b6ff1872183Mark Andrews Suggested By André Warnier <aw ice-sa.com> [Eric Covener]
f1e3dd087b7ce34382df8354efddaae79caa11b7Mark Andrews *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to
f1e3dd087b7ce34382df8354efddaae79caa11b7Mark Andrews OSCP responders. PR 46014 [Dr Stephen Henson <steve openssl.org>]
23ac7e663494ffdfd78b52d1a0a62d93f0d30d93Mark Andrews *) mod_authnz_ldap: don't return NULL-valued environment variables to
23ac7e663494ffdfd78b52d1a0a62d93f0d30d93Mark Andrews other modules. PR 39045 [Francois Pesce <francois.pesce gmail.com>]
458e816ed08044cfe82c89fecd38bce540b23ff0Mark Andrews *) Don't adjust case in pathname components that are not of interest
458e816ed08044cfe82c89fecd38bce540b23ff0Mark Andrews to mod_mime. Fixes mod_negotiation's use of such components.
b1ab6766f7cf3d2c189b415c50cc574d9b21a9a2Mark Andrews PR 43250 [Basant Kumar Kukreja <basant.kukreja sun.com>]
bc2510a6a5e406bdef580452e6ae3e1298a7d1d6Mark Andrews *) Be tolerant in what you accept - accept slightly broken
bc2510a6a5e406bdef580452e6ae3e1298a7d1d6Mark Andrews status lines from a backend provided they include a valid status code.
bc2510a6a5e406bdef580452e6ae3e1298a7d1d6Mark Andrews PR 44995 [Rainer Jung <rainer.jung kippdata.de>]
1160ea4c2847b276946cf6bd00504929ec4f6e44Mark Andrews *) New module mod_sed: filter Request/Response bodies through sed
1160ea4c2847b276946cf6bd00504929ec4f6e44Mark Andrews [Basant Kumar Kukreja <basant.kukreja sun.com>]
348d80fb8490f4547aaa569e5f7ea2a032543bacMark Andrews *) mod_auth_form: Make sure that basic authentication is correctly
47071b7310bd6d4d12169c336faac72c8c3d9ecfMark Andrews faked directly after login. [Graham Leggett]
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews *) mod_session_cookie, mod_session_dbd: Make sure cookies are set both
45f206e6c1521c710947e9d5e734c32c6b286b13Mark Andrews within the output headers and error output headers, so that the
f6f3264d8c81cda5d489e29d2141f1a92fbe4c84Mark Andrews session is maintained across redirects. [Graham Leggett]
f6f3264d8c81cda5d489e29d2141f1a92fbe4c84Mark Andrews *) mod_auth_form: Make sure the logged in user is populated correctly
960989925556246cc86f1905a5d62e6b0b69dc02Mark Andrews after a form login. Fixes a missing REMOTE_USER variable directly
960989925556246cc86f1905a5d62e6b0b69dc02Mark Andrews following a login. [Graham Leggett]
960989925556246cc86f1905a5d62e6b0b69dc02Mark Andrews *) mod_session_cookie: Make sure that cookie attributes are correctly
d77cab69bf9676f828c48c217828a25e8ba41c63Mark Andrews included in the blank cookie when cookies are removed. This fixes an
d77cab69bf9676f828c48c217828a25e8ba41c63Mark Andrews inability to log out when using mod_auth_form. [Graham Leggett]
d77cab69bf9676f828c48c217828a25e8ba41c63Mark Andrews *) mod_session: Prevent a segfault when a CGI script sets a cookie with a
f1b29d8428362842c429157b4925e529463eab4cEvan Hunt null value. [David Shane Holden <dpejesh apache.org>]
f1b29d8428362842c429157b4925e529463eab4cEvan Hunt *) core, authn/z: Determine registered authn/z providers directly in
d0c5ff7f65a08e2ccc9bc06e0ef9f61e36875b50Mark Andrews ap_setup_auth_internal(), which allows optional functions that just
d0c5ff7f65a08e2ccc9bc06e0ef9f61e36875b50Mark Andrews wrapped ap_list_provider_names() to be removed from authn/z modules.
d0c5ff7f65a08e2ccc9bc06e0ef9f61e36875b50Mark Andrews [Chris Darroch]
83a28ca274521e15086fc39febde507bcc4e145eMark Andrews *) authn/z: Convert common provider version strings to macros.
1585a9f239969a65b974ff741ff2a7a79b148891Evan Hunt [Chris Darroch]
1585a9f239969a65b974ff741ff2a7a79b148891Evan Hunt *) core: When testing for slash-terminated configuration paths in
2fb4184d9d55a6b8709356144730e323e265d58fEvan Hunt ap_location_walk(), don't look past the start of an empty string
2fb4184d9d55a6b8709356144730e323e265d58fEvan Hunt such as that created by a <Location ""> directive.
2fb4184d9d55a6b8709356144730e323e265d58fEvan Hunt [Chris Darroch]
5be93f5dff21fa067f52065e3521b7d82f32c779Mark Andrews *) core, mod_proxy: If a kept_body is present, it becomes safe for
5be93f5dff21fa067f52065e3521b7d82f32c779Mark Andrews subrequests to support message bodies. Make sure that safety
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaraman checks within the core and within the proxy are not triggered
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaraman when kept_body is present. This makes it possible to embed
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaraman proxied POST requests within mod_include. [Graham Leggett]
74d98566ed6a2280ea84d146e7c81275f1c5649dMark Andrews *) mod_auth_form: Make sure the input filter stack is properly set
74d98566ed6a2280ea84d146e7c81275f1c5649dMark Andrews up before reading the login form. Make sure the kept body filter
1c89e89eaf761c378fd48bfd1c4abf1b5ad026e9Evan Hunt is correctly inserted to ensure the body can be read a second
1c89e89eaf761c378fd48bfd1c4abf1b5ad026e9Evan Hunt time safely should the authn be successful. [Graham Leggett,
1c89e89eaf761c378fd48bfd1c4abf1b5ad026e9Evan Hunt Ruediger Pluem]
0c2d891abeb2b35e290ca9da29e1227110b5be23Mark Andrews *) mod_request: Insert the KEPT_BODY filter via the insert_filter
0c2d891abeb2b35e290ca9da29e1227110b5be23Mark Andrews hook instead of during fixups. Add a safety check to ensure the
fd017eea638d690b6a90c4d2a3f2ebe51c472173Mark Andrews filters cannot be inserted more than once. [Graham Leggett,
fd017eea638d690b6a90c4d2a3f2ebe51c472173Mark Andrews Ruediger Pluem]
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews *) ap_cache_cacheable_headers_out() will (now) always
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews merge an error headers _before_ clearing them and _before_
2595d1da358cc7391e001894d45471509976e7d5Mark Andrews merging in the actual entity headers and doing normal
6ef1cdec9a52a21a3db649817184702abfe6dd95Mark Andrews hop-by-hop cleansing. [Dirk-Willem van Gulik].
6ef1cdec9a52a21a3db649817184702abfe6dd95Mark Andrews *) cache: retire ap_cache_cacheable_hdrs_out() which was used
294ef74e5ad68d898207c4fb36d8b18d526a11f6Curtis Blackburn for both in- and out-put headers; and replace it by a single
1008577c673876037d60b5241a8f1de0d1b680d9Tinderbox User ap_cache_cacheable_headers() wrapped in a in- and out-put
294ef74e5ad68d898207c4fb36d8b18d526a11f6Curtis Blackburn specific ap_cache_cacheable_headers_in()/out(). The latter
fe6557e5901162308e716791077ace6811728242Mark Andrews which will also merge error and ensure content-type. To keep
fe6557e5901162308e716791077ace6811728242Mark Andrews cache modules consistent with ease. This API change bumps
21e5f9c5cdb3052f282e3dbdc2dc47f29cfe1187Mark Andrews up the minor MM by one [Dirk-Willem van Gulik].
21e5f9c5cdb3052f282e3dbdc2dc47f29cfe1187Mark Andrews *) Move the KeptBodySize directive, kept_body filters and the
4df43743ab1ef4bad2b96840a7b2b9c77bc82bc2Mark Andrews ap_parse_request_body function out of the http module and into a
4df43743ab1ef4bad2b96840a7b2b9c77bc82bc2Mark Andrews new module called mod_request, reducing the size of the core.
4df43743ab1ef4bad2b96840a7b2b9c77bc82bc2Mark Andrews [Graham Leggett]
60c47284e4d752ccefa57f47b61a9c82899f3297Mark Andrews *) mod_dbd: Handle integer configuration directive parameters with a
701aa95d9605fd6ad25b60dfd38d05a1942ee147Mark Andrews dedicated function.
701aa95d9605fd6ad25b60dfd38d05a1942ee147Mark Andrews *) Change the directives within the mod_session* modules to be valid
701aa95d9605fd6ad25b60dfd38d05a1942ee147Mark Andrews both inside and outside the location/directory sections, as
701aa95d9605fd6ad25b60dfd38d05a1942ee147Mark Andrews suggested by wrowe. [Graham Leggett]
7a3d063847290b204dfcedaef7288033c8424bfbEvan Hunt *) mod_auth_form: Add a module capable of allowing end users to log
7a3d063847290b204dfcedaef7288033c8424bfbEvan Hunt in using an HTML form, storing the credentials within mod_session.
b243aa40f97cb2f77fbe746977d61f0a8c2e9194Mark Andrews [Graham Leggett]
b243aa40f97cb2f77fbe746977d61f0a8c2e9194Mark Andrews *) Add a function to the http filters that is able to parse an HTML
b243aa40f97cb2f77fbe746977d61f0a8c2e9194Mark Andrews form request with the type of application/x-www-form-urlencoded.
2b8679cf0f832c5e55121eb23806da577d272dd7Francis Dupont [Graham Leggett]
6db55b4ff9b099bc8d6621f6e13ec1f087d35e04Mark Andrews *) mod_session_crypto: Initialise SSL in the post config hook.
2ac8829a8a7ce2f5fbcf006c3bf6c5a6c821abf3Mark Andrews [Ruediger Pluem, Graham Leggett]
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews *) mod_session_dbd: Add a session implementation capable of storing
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews session information in a SQL database via the dbd interface. Useful
744c1db6352c4c3f11c8538e4a2a57c8b0e0d570Mark Andrews for sites where session privacy is important. [Graham Leggett]
d9b96d0a42a70c1a43415dcbe0f8872b84d76a13Evan Hunt *) mod_session_crypto: Add a session encoding implementation capable
8a5809527e6c85e39699901712a455d5480907c1Evan Hunt of encrypting and decrypting sessions wherever they may be stored.
3d0f9f8cca44ba9f1972de9e3fcabe6b70b5a33bMark Andrews Introduces a level of privacy when sessions are stored on the
8a5809527e6c85e39699901712a455d5480907c1Evan Hunt browser. [Graham Leggett]
bd19cef22382906a11fb6f1ffdef11038e432bcaMark Andrews *) mod_session_cookie: Add a session implementation capable of storing
bd19cef22382906a11fb6f1ffdef11038e432bcaMark Andrews session information within cookies on the browser. Useful for high
a0e34c90eaf2464c6ef7c46c75c2df2dcb152293Mark Andrews volume sites where server bound sessions are too resource intensive.
a0e34c90eaf2464c6ef7c46c75c2df2dcb152293Mark Andrews [Graham Leggett]
669e108d6753b27a9745cc506193a9e0b32d217cEvan Hunt *) mod_session: Add a generic session interface to unify the different
669e108d6753b27a9745cc506193a9e0b32d217cEvan Hunt attempts at saving persistent sessions across requests.
669e108d6753b27a9745cc506193a9e0b32d217cEvan Hunt [Graham Leggett]
45fd95544cd650a8e6a0fc39b656d1109b811ac0Evan Hunt *) core, authn/z: Avoid calling access control hooks for internal requests
45fd95544cd650a8e6a0fc39b656d1109b811ac0Evan Hunt with configurations which match those of initial request. Revert to
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews original behaviour (call access control hooks for internal requests
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews with URIs different from initial request) if any access control hooks or
6552f33198438390724c5823b8dbcf477ec9638cEvan Hunt providers are not registered as permitting this optimization.
6552f33198438390724c5823b8dbcf477ec9638cEvan Hunt Introduce wrappers for access control hook and provider registration
6552f33198438390724c5823b8dbcf477ec9638cEvan Hunt which can accept additional mode and flag data. [Chris Darroch]
9e0cd8be9aa2b24fa373fe227c5eaf5641ac62f4Mark Andrews *) Introduced ap_expr API for expression evaluation.
9e0cd8be9aa2b24fa373fe227c5eaf5641ac62f4Mark Andrews This is adapted from mod_include, which is the first module
fb9cdee4af778c5e53fc9e25f15364f5bbd2dae3Mark Andrews to use the new API.
de6469b663b55aacd19bdcdd925ce381f0c4b4dfMark Andrews *) mod_authz_dbd: When redirecting after successful login/logout per
de6469b663b55aacd19bdcdd925ce381f0c4b4dfMark Andrews AuthzDBDRedirectQuery, do not report authorization failure, and use
de6469b663b55aacd19bdcdd925ce381f0c4b4dfMark Andrews first row returned by database query instead of last row.
b1ab6766f7cf3d2c189b415c50cc574d9b21a9a2Mark Andrews [Chris Darroch]
d389069a397c99347b5b281f90577e19e7662b03Mark Andrews *) mod_ldap: Correctly return all requested attribute values
d389069a397c99347b5b281f90577e19e7662b03Mark Andrews when some attributes have a null value.
fd2f4551d9498e1dce8e44a24e5e886ef2aa75cbMark Andrews PR 44560 [Anders Kaseorg <anders kaseorg.com>]
fd2f4551d9498e1dce8e44a24e5e886ef2aa75cbMark Andrews *) core: check symlink ownership if both FollowSymlinks and
c5e8808e35310eddfd99398198660a3eb37ac51eMark Andrews SymlinksIfOwnerMatch are set [Nick Kew]
7c66fc970082f2f8b4a7ae1bbfca3531ab6798b4Mark Andrews *) core: fix origin checking in SymlinksIfOwnerMatch
32f4f500a5dfa77631217a390f3cd616827cab18Mukund Sivaraman PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
7c66fc970082f2f8b4a7ae1bbfca3531ab6798b4Mark Andrews *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the
2a80bc01530013293016172b1dcc1d12471ccf33Mark Andrews 'most' set for '--enable-modules' and '--enable-shared-mods'. Include
2a80bc01530013293016172b1dcc1d12471ccf33Mark Andrews mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik]
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrews contain public function declarations which are useful for
2bbab60f504e4cd905080d42eae5cc8fe62599cbMark Andrews third party module authors. PR 42431 [Dirk-Willem van Gulik].
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrews *) mod_dir, mod_negotiation: pass the output filter information
0b612b420df38f1b2f1ba19df727f77a492f08a7Mark Andrews to newly created sub requests; as these are later on used
0b612b420df38f1b2f1ba19df727f77a492f08a7Mark Andrews as true requests with an internal redirect. This allows for
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrews mod_cache et.al. to trap the results of the redirect.
802e0662ef6041078cb7bad4cdb197a295eab770Mark Andrews [Dirk-Willem van Gulik, Ruediger Pluem]
802e0662ef6041078cb7bad4cdb197a295eab770Mark Andrews *) mod_ldap: Add support (taking advantage of the new APR capability)
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrews for ldap rebind callback while chasing referrals. This allows direct
af9b975ccc2f0e6d82a4dfc2daa6cedfc5f4bdc2Mark Andrews searches on LDAP servers (in particular MS Active Directory 2003+)
af9b975ccc2f0e6d82a4dfc2daa6cedfc5f4bdc2Mark Andrews using referrals without the use of the global catalog.
af9b975ccc2f0e6d82a4dfc2daa6cedfc5f4bdc2Mark Andrews PRs 26538, 40268, and 42557 [Paul J. Reder]
94694e720a911a38b01ff5036c01d883b3c9cbb1Evan Hunt *) ApacheMonitor.exe: Introduce --kill argument for use by the
538c6bd3f15c6f525972e2226708805dbab03240Mark Andrews installer. This will permit the installation tool to remove
538c6bd3f15c6f525972e2226708805dbab03240Mark Andrews all running instances before attempting to remove the .exe.
ef1e2f790639e187d2286292f25593ad7c6c2391Witold Krecicki [William Rowe]
e8fab79146fe8010728513f4458cfd2f4d8bd48bWitold Krecicki *) mod_ssl: Add support for OCSP validation of client certificates.
c034b72ba147e86ec40816fdf0cfb19c9ed7f1d6Witold Krecicki PR 41123. [Marc Stern <marc.stern approach.be>, Joe Orton]
7d238ed0c71ca817fd1582295c6027c6b925af51Mark Andrews *) mod_serf: New module for Reverse Proxying. [Paul Querna]
82a50a619afa73ae9a212399505b9f1b327128cdMark Andrews *) core: Add the option to keep aside a request body up to a certain
82a50a619afa73ae9a212399505b9f1b327128cdMark Andrews size that would otherwise be discarded, to be consumed by filters
82a50a619afa73ae9a212399505b9f1b327128cdMark Andrews such as mod_include. When enabled for a directory, POST requests
2f1c460beaa1e372255e7a1b8aad8996f011816dMark Andrews to shtml files can be passed through to embedded scripts as POST
2f1c460beaa1e372255e7a1b8aad8996f011816dMark Andrews requests, rather being downgraded to GET requests. [Graham Leggett]
9ee66e3a5b45654235472711439f9db1766c82caMark Andrews *) mod_ssl: Fix TLS upgrade (RFC 2817) support. PR 41231. [Joe Orton]
9ee66e3a5b45654235472711439f9db1766c82caMark Andrews *) scoreboard: Correctly declare ap_time_process_request.
8b2b41ba4f8cabed897f2d852a6c07abfb23231eMark Andrews *) core; scoreboard: ap_get_scoreboard_worker(sbh) now takes the sbh member
47f8b47b8df05aade51e35b31c3df46fb121a098Mark Andrews from the connection rec, ap_get_scoreboard_worker(proc, thread) will now
47f8b47b8df05aade51e35b31c3df46fb121a098Mark Andrews provide the unusual legacy lookup. [William Rowe]
fcadf0b3205be950da14c80fedbf088fc8fd2190Evan Hunt *) mpm winnt: fix null pointer dereference
fcadf0b3205be950da14c80fedbf088fc8fd2190Evan Hunt PR 42572 [Davi Arnaut]
fcadf0b3205be950da14c80fedbf088fc8fd2190Evan Hunt *) mod_authnz_ldap, mod_authn_dbd: Tidy up the code to expose authn
47f8b47b8df05aade51e35b31c3df46fb121a098Mark Andrews parameters to the environment. Improve portability to
47f8b47b8df05aade51e35b31c3df46fb121a098Mark Andrews EBCDIC machines by using apr_toupper(). [Martin Kraemer]
d9a713819621972af4f90dfaa9e2bc72aad54d48Mark Andrews *) mod_ldap, mod_authnz_ldap: Add support for nested groups (i.e. the ability
8269f06a0fdaf5f4f03ffb20a3c0effd557c794cMark Andrews to authorize an authenticated user via a "require ldap-group X" directive
db9781d4a2ed15c4b34bb5c97ea68b8f598992fcMark Andrews where the user is not in group X, but is in a subgroup contained in X.
db9781d4a2ed15c4b34bb5c97ea68b8f598992fcMark Andrews PR 42891 [Paul J. Reder]
6f2752da7a1036cd59be17236ca66630d00f11cdMukund Sivaraman *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna]
f0244761611dc4d0f80b36c0c0ccdb26fa6cf830Mark Andrews *) apxs: Enhance -q flag to print all known variables and their values
f0244761611dc4d0f80b36c0c0ccdb26fa6cf830Mark Andrews when invoked without variable name(s).
f0244761611dc4d0f80b36c0c0ccdb26fa6cf830Mark Andrews [William Rowe, Sander Temme]
48ec547968d7da5b1240222c53a90efce25157a2Mark Andrews *) apxs: Eliminate run-time check for mod_so. PR 40653.
48ec547968d7da5b1240222c53a90efce25157a2Mark Andrews [David M. Lee <dmlee crossroads.com>]
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews *) beos MPM: Create pmain pool and run modules' child_init hooks when
178dc0e1d617a6ef6387e9942ba9cdb370d1bde2Mark Andrews entering ap_mpm_run(), then destroy pmain when exiting ap_mpm_run().
178dc0e1d617a6ef6387e9942ba9cdb370d1bde2Mark Andrews [Chris Darroch]
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews *) netware MPM: Destroy pmain pool when exiting ap_mpm_run() so that
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews cleanups registered in modules' child_init hooks are performed.
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews [Chris Darroch]
e51ba2650025460b26092fb2500e0b6dfbf6d548Mark Andrews *) Fix issue which could cause error messages to be written to access logs
e51ba2650025460b26092fb2500e0b6dfbf6d548Mark Andrews on Win32. PR 40476. [Tom Donovan <Tom.Donovan acm.org>]
143526179e5965921e1bd17a4759c3993854b4f4Mark Andrews *) The LockFile directive, which specifies the location of
15bee593e70faca91a00331184fbbbc66080d422Mark Andrews the accept() mutex lockfile, is deprecated. Instead, the
15bee593e70faca91a00331184fbbbc66080d422Mark Andrews AcceptMutex directive now takes an optional lockfile
15bee593e70faca91a00331184fbbbc66080d422Mark Andrews location parameter, ala SSLMutex. [Jim Jagielski]
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt *) mod_authn_dbd: Export any additional columns queried in the SQL select
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt into the environment with the name AUTHENTICATE_<COLUMN>. This brings
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt mod_authn_dbd behaviour in line with mod_authnz_ldap. [Graham Leggett]
ce786900292468e465fb74df8712a625ce10e103Mukund Sivaraman *) mod_dbd: Key the storage of prepared statements on the hex string
ce786900292468e465fb74df8712a625ce10e103Mukund Sivaraman value of server_rec, rather than the server name, as the server name
d102ab1b847716b045640faebf074a8092e0b023Mark Andrews may change (eg when the server name is set) at any time, causing
d102ab1b847716b045640faebf074a8092e0b023Mark Andrews weird behaviour in modules dependent on mod_dbd. [Graham Leggett]
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews *) mod_proxy_fcgi: Added win32 build. [Mladen Turk]
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt *) sendfile_nonblocking() takes the _brigade_ as an argument, gets
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt the first bucket from the brigade, finds it not to be a FILE
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt bucket and barfs. The fix is to pass a bucket rather than a brigade.
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt [Niklas Edmundsson <nikke acc.umu.se>]
7df3f06c0bf0b78a88221348d6af6704d9ece7efMark Andrews *) mod_rewrite: support rewritemap by SQL query [Nick Kew]
d1cacbb37474b0cbee6c1ddd05d27f731b2b43baMark Andrews *) ap_get_server_version() has been removed. Third-party modules must
d1cacbb37474b0cbee6c1ddd05d27f731b2b43baMark Andrews now use ap_get_server_banner() or ap_get_server_description().
2be9d18ee9bd1b4eec4720218e4f43352603291fMark Andrews [Jeff Trawick]
2be9d18ee9bd1b4eec4720218e4f43352603291fMark Andrews *) All MPMs: Introduce a check_config phase between pre_config and
2be9d18ee9bd1b4eec4720218e4f43352603291fMark Andrews open_logs, to allow modules to review interdependent configuration
4d506ae0d1671e5a1272ef1ef13986af01616ac4Mark Andrews directive values and adjust them while messages can still be logged
65a3f6329735860093004f6b0fe69d6be886417bTinderbox User to the console. Handle relevant MPM directives during this phase
8b82b4982c21dfeb164f04700c7204f6541a7856Evan Hunt and format messages for both the console and the error log, as
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews appropriate. [Chris Darroch]
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
f9e49fd80e2ac4fce0fef11d330b88ff3693ad99Witold Krecicki to circumvent the symbolic link checks imposed by FollowSymLinks and
f9e49fd80e2ac4fce0fef11d330b88ff3693ad99Witold Krecicki SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
e8c70b0c35c27a28ea2e0cafb252e1774ccc1727Mark Andrews *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
e8c70b0c35c27a28ea2e0cafb252e1774ccc1727Mark Andrews configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews The default is none as this is far greater debugging resolution than
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews the typical administrator is prepared to untangle. [William Rowe]
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews *) mod_disk_cache: If possible, check if the size of an object to cache is
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt within the configured boundaries before actually saving data.
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt [Niklas Edmundsson <nikke acc.umu.se>]
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt *) Worker and event MPMs: Remove improper scoreboard updates which were
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt performed in the event of a fork() failure. [Chris Darroch]
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt *) Add support for fcgi:// proxies to mod_rewrite.
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt [Markus Schiegl <ms schiegl.com>]
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt *) Remove incorrect comments from scoreboard.h regarding conditional
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt loading of worker_score structure with mod_status, and remove unused
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt definitions relating to old life_status field.
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt [Chris Darroch <chrisd pearsoncmg.com>]
c27c710939766a7bb315bde1f12ab18d93c77cc8Mark Andrews *) Remove allocation of memory for unused array of lb_score pointers
c27c710939766a7bb315bde1f12ab18d93c77cc8Mark Andrews in ap_init_scoreboard(). [Chris Darroch <chrisd pearsoncmg.com>]
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman *) Add mod_proxy_fcgi, a FastCGI back end for mod_proxy.
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman [Garrett Rooney, Jim Jagielski, Paul Querna]
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman *) Event MPM: Fill in the scoreboard's tid field. PR 38736.
555469af35c12189525921abbc3de3cefb5f9f0fMark Andrews [Chris Darroch <chrisd pearsoncmg.com>]
c5342425ea5568af04f4b87d5d9690453b21c9f1Mark Andrews *) mod_charset_lite: Remove Content-Length when output filter can
c5342425ea5568af04f4b87d5d9690453b21c9f1Mark Andrews invalidate it. Warn when input filter can invalidate it.
c5342425ea5568af04f4b87d5d9690453b21c9f1Mark Andrews [Jeff Trawick]
b4bbf494183e4158b417d9200297ff0764af2f9dMark Andrews *) Authz: Add the new module mod_authn_core that will provide common
b4bbf494183e4158b417d9200297ff0764af2f9dMark Andrews authn directives such as 'AuthType', 'AuthName'. Move the directives
f3a4a5f8db3d9fd352a3e2eb6be779a78da03f52Mark Andrews 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias
f3a4a5f8db3d9fd352a3e2eb6be779a78da03f52Mark Andrews into mod_authn_core. [Brad Nicholes]
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy'
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews into the new module mod_access_compat which can be loaded to provide
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews support for these directives.
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews [Brad Nicholes]
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews *) Authz: Move the 'Require' directive from the core module as well as
bc09fd1365d1a48972fa99cd6ed2aa788a28ef33Mark Andrews add the directives '<SatisfyAll>', '<SatisfyOne>', '<RequireAlias>'
bc09fd1365d1a48972fa99cd6ed2aa788a28ef33Mark Andrews and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR'
bc09fd1365d1a48972fa99cd6ed2aa788a28ef33Mark Andrews logic into the authorization processing. [Brad Nicholes]
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews *) Authz: Add the new module mod_authz_core which acts as the
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews authorization provider vector and contains common authz
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews directives. [Brad Nicholes]
33f91e248b67afa96c5b855ba3ace20b5d89dbd0Mark Andrews *) Authz: Renamed mod_authz_dbm authz providers from 'group' and
33f91e248b67afa96c5b855ba3ace20b5d89dbd0Mark Andrews 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes]
51227d6f16840ae359701b5d56970a5f3860db5aEvan Hunt *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle
51227d6f16840ae359701b5d56970a5f3860db5aEvan Hunt host-based access control provided by mod_authz_host and invoked
51227d6f16840ae359701b5d56970a5f3860db5aEvan Hunt through the 'Require' directive. [Brad Nicholes]
9e4811dc90cca1f6f2d1ef86182f9613add06df3Mark Andrews *) Authz: Convert all of the authz modules from hook based to
9e4811dc90cca1f6f2d1ef86182f9613add06df3Mark Andrews provider based. [Brad Nicholes]
12b791ae2018561482f3b68dd6658c2ad1a4d934Mark Andrews *) mod_cache: Add CacheMinExpire directive to set the minimum time in
12b791ae2018561482f3b68dd6658c2ad1a4d934Mark Andrews seconds to cache a document.
080582dc4739cabf0170b54e9a453785d577e364Mark Andrews [Brian Akins <brian.akins turner.com>, Ruediger Pluem]
080582dc4739cabf0170b54e9a453785d577e364Mark Andrews *) mod_authz_dbd: SQL authz with Login/Session support [Nick Kew]
3a71cd8ca3c4970b71ef503553eda2666ce3d2b1Mark Andrews *) Fix typo in ProxyStatus syntax error message.
3a71cd8ca3c4970b71ef503553eda2666ce3d2b1Mark Andrews [Christophe Jaillet <christophe.jaillet wanadoo.fr>]
02ceed9f83f82f0de35c7bd73c27a33d4f0fe9cbMark Andrews *) Asynchronous write completion for the Event MPM. [Brian Pane]
32431c79c76257130e1b31223e59a614e19bea1bEvan Hunt *) Added an End-Of-Request bucket type. The logging of a request and
32431c79c76257130e1b31223e59a614e19bea1bEvan Hunt the freeing of its pool are now done when the EOR bucket is destroyed.
32431c79c76257130e1b31223e59a614e19bea1bEvan Hunt This has the effect of delaying the logging until right after the last
8db83c1e908ac92a28ad0dd6dc2bdcff1d20084cWitold Krecicki of the response is sent; ap_core_output_filter() calls the access logger
8db83c1e908ac92a28ad0dd6dc2bdcff1d20084cWitold Krecicki indirectly when it destroys the EOR bucket. [Brian Pane]
ba340e446906b21925df63b0dec9b299ef093ad2Witold Krecicki *) Rewrite of logresolve support utility: IPv6 addresses are now supported
b62db16a580addacf9b2a4d0a6e272632ad5712aMark Andrews and the format of statistical output has changed. [Colm MacCarthaigh]
b62db16a580addacf9b2a4d0a6e272632ad5712aMark Andrews *) Rewrite of ap_coreoutput_filter to do nonblocking writes [Brian Pane]
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews *) Added new connection states for handler and write completion
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews [Brian Pane]
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews *) mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews [Justin Erenkrantz]
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
6d609c3cbe7d91bf02ac60a4a34cc4bffa13a3e6Evan Hunt allowing string-valued client certificate attributes to be used for
6d609c3cbe7d91bf02ac60a4a34cc4bffa13a3e6Evan Hunt access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
6d609c3cbe7d91bf02ac60a4a34cc4bffa13a3e6Evan Hunt [Martin Kraemer, David Reid]
b83e886b3023c9a3bb40f20e399c3d2d40604eadEvan Hunt [Apache 2.3.0-dev includes those bug fixes and changes with the
b83e886b3023c9a3bb40f20e399c3d2d40604eadEvan Hunt Apache 2.2.xx tree as documented, and except as noted, below.]
801707fe19600313a0b1f7845a518100f69e58b6Evan HuntChanges with Apache 2.2.x and later:
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup
801707fe19600313a0b1f7845a518100f69e58b6Evan HuntChanges with Apache 2.0.x and later:
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
adb0ac475d4a58404812eee3a158447decf9e026Tinderbox UserChanges with Apache 1.3.x and later: